ReportizFlow
Filtered by vendor
Subscriptions
Total
322798 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47592 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-12 | 5.3 Medium |
| SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity or availability. | ||||
| CVE-2024-42372 | 1 Sap | 1 Netweaver System Landscape Directory | 2024-11-12 | 6.5 Medium |
| Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the application. | ||||
| CVE-2024-51575 | 2024-11-12 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Abdullah Extender All In One For Elementor allows Stored XSS.This issue affects Extender All In One For Elementor: from n/a through 1.0.3. | ||||
| CVE-2024-10790 | 2024-11-12 | 5.4 Medium | ||
| The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with custom-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. This feature must be enabled, and for specific roles in order to be exploitable. | ||||
| CVE-2024-51571 | 2024-11-12 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MasterBip MasterBip para Elementor allows DOM-Based XSS.This issue affects MasterBip para Elementor: from n/a through 1.6.3. | ||||
| CVE-2024-51747 | 1 Kanboard | 1 Kanboard | 2024-11-12 | 9.1 Critical |
| Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments, that are viewable or downloadable in Kanboard are resolved through its `path` entry in the `project_has_files` SQLite db. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature, can set arbitrary file links, by abusing path traversals. Once the modified db is uploaded and the project page is accessed, a file download can be triggered and all files, readable in the context of the Kanboard application permissions, can be downloaded. This issue has been addressed in version 1.2.42 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-9998 | 2024-11-12 | N/A | ||
| The vulnerability has no impact, so it has been deprecated. | ||||
| CVE-2024-10694 | 2024-11-12 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-9542. Reason: This candidate is a reservation duplicate of CVE-2024-9542. Notes: All CVE users should reference CVE-2024-9542 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-50219 | 1 Redhat | 1 Enterprise Linux | 2024-11-11 | 5.5 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-49617 | 1 Bhaskardhote | 1 Back Link Tracker | 2024-11-11 | 8.2 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Bhaskar Dhote Back Link Tracker allows Blind SQL Injection.This issue affects Back Link Tracker: from n/a through 1.0.0. | ||||
| CVE-2024-47295 | 1 Seiko Epson Corporation | 1 Web Config | 2024-11-11 | 8.1 High |
| Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References]. | ||||
| CVE-2024-49993 | 1 Redhat | 1 Enterprise Linux | 2024-11-10 | 5.5 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-7059 | 1 Genetec | 1 Security Center | 2024-11-10 | 8 High |
| A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line. | ||||
| CVE-2024-44952 | 1 Redhat | 1 Enterprise Linux | 2024-11-09 | 5.5 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-47463 | 1 Arubanetworks | 2 Arubaos, Instant | 2024-11-09 | 7.2 High |
| An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system. | ||||
| CVE-2024-47462 | 1 Arubanetworks | 2 Arubaos, Instant | 2024-11-09 | 7.2 High |
| An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system. | ||||
| CVE-2024-47461 | 1 Arubanetworks | 2 Arubaos, Instant | 2024-11-09 | 7.2 High |
| An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. A successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying host operating system. | ||||
| CVE-2024-47460 | 1 Arubanetworks | 2 Arubaos, Instant | 2024-11-09 | 9 Critical |
| Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2024-42509 | 1 Arubanetworks | 2 Arubaos, Instant | 2024-11-09 | 9.8 Critical |
| Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2024-9180 | 1 Hashicorp | 1 Vault | 2024-11-09 | 7.2 High |
| A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16. | ||||