ReportizFlow
Filtered by vendor
Subscriptions
Total
322438 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27703 | 2024-11-16 | 6.1 Medium | ||
| Sercomm Model Etisalat Model S3- AC2100 is affected by Cross Site Scripting (XSS) via the firmware update page. | ||||
| CVE-2021-27702 | 1 Sercomm | 1 S3-ac2100 Firmware | 2024-11-16 | 7.3 High |
| Sercomm Router Etisalat Model S3- AC2100 is affected by Incorrect Access Control via the diagnostic utility in the router dashboard. | ||||
| CVE-2021-37577 | 2024-11-16 | 6.8 Medium | ||
| Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the-middle attacker to identify the Passkey used during pairing by reflection of a crafted public key with the same X coordinate as the offered public key and by reflection of the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. This is a related issue to CVE-2020-26558. | ||||
| CVE-2024-48971 | 1 Baxter | 1 Life2000 Ventilator Firmware | 2024-11-16 | 9.3 Critical |
| The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges. | ||||
| CVE-2024-44760 | 1 Sunmochina | 1 Enterprise Management System | 2024-11-15 | 9.1 Critical |
| Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server. | ||||
| CVE-2024-40579 | 2024-11-15 | 6.1 Medium | ||
| Cross Site Scripting vulnerability in Virtuozzo Hybrid Server for WHMCS Open Source v.1.7.1 allows a remote attacker to obtain sensitive information via modification of the hostname parameter. | ||||
| CVE-2024-44102 | 1 Siemens | 1 Telecontrol Server Basic | 2024-11-15 | 10 Critical |
| A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 32 to 64 V3.1 (6NH9910-0AA31-0AF1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 64 to 256 V3.1 (6NH9910-0AA31-0AC1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 8 to 32 V3.1 (6NH9910-0AA31-0AB1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 1000 V3.1 (6NH9910-0AA31-0AD0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 256 V3.1 (6NH9910-0AA31-0AC0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 32 V3.1 (6NH9910-0AA31-0AF0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 5000 V3.1 (6NH9910-0AA31-0AE0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 64 V3.1 (6NH9910-0AA31-0AB0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 8 V3.1 (6NH9910-0AA31-0AA0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Serv Upgr (6NH9910-0AA31-0GA1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Upgr V3.1 (6NH9910-0AA31-0GA0) (All versions < V3.1.2.1 with redundancy configured). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges. | ||||
| CVE-2024-21949 | 1 Amd | 1 Ryzen Ai Software | 2024-11-15 | 5.5 Medium |
| Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash. | ||||
| CVE-2024-21974 | 1 Amd | 1 Ryzen Ai Software | 2024-11-15 | 8.8 High |
| Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. | ||||
| CVE-2024-21975 | 1 Amd | 1 Ryzen Ai Software | 2024-11-15 | 8.8 High |
| Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. | ||||
| CVE-2024-11065 | 1 Dlink | 2 Dsl6740c, Dsl6740c Firmware | 2024-11-15 | 7.2 High |
| The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | ||||
| CVE-2024-11064 | 1 Dlink | 2 Dsl6740c, Dsl6740c Firmware | 2024-11-15 | 7.2 High |
| The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | ||||
| CVE-2024-11063 | 1 Dlink | 2 Dsl6740c, Dsl6740c Firmware | 2024-11-15 | 7.2 High |
| The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | ||||
| CVE-2024-11062 | 1 Dlink | 2 Dsl6740c, Dsl6740c Firmware | 2024-11-15 | 7.2 High |
| The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | ||||
| CVE-2024-47178 | 1 Expressjs | 1 Basic-auth-connect | 2024-11-15 | 5.3 Medium |
| basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0. | ||||
| CVE-2024-47530 | 1 Clinical-genomics | 1 Scout | 2024-11-15 | 5.4 Medium |
| Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lack of scheme validation, HTTPS Downgrade Attack can be performed on the users. This vulnerability is fixed in 4.89. | ||||
| CVE-2024-47531 | 1 Clinical-genomics | 1 Scout | 2024-11-15 | 4.6 Medium |
| Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible bypass intended file extension and make users download malicious files with any extension. With malicious content injected inside the file data and users unknowingly downloading it and opening may lead to the compromise of users' devices or data. This vulnerability is fixed in 4.89. | ||||
| CVE-2024-47532 | 1 Zope | 1 Restrictedpython | 2024-11-15 | 6.5 Medium |
| RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected (and potentially sensible) information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application does not require access to the module string, it can remove it from RestrictedPython.Utilities.utility_builtins or otherwise do not make it available in the restricted execution environment. | ||||
| CVE-2024-11130 | 1 Zzcms | 1 Zzcms | 2024-11-15 | 2.4 Low |
| A vulnerability was found in ZZCMS up to 2023. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/msg.php. The manipulation of the argument keyword leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-52355 | 1 Hyumika | 1 Openstreetmap | 2024-11-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hyumika OSM – OpenStreetMap allows Stored XSS.This issue affects OSM – OpenStreetMap: from n/a through 6.1.2. | ||||