ReportizFlow
Filtered by vendor
Subscriptions
Total
1853 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-53941 | 1 Victure | 1 Rx1800 Firmware | 2024-12-03 | 8.8 High |
| An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default Wi-Fi PSK value via the last 4 octets of the BSSID. | ||||
| CVE-2024-53937 | 1 Victure | 1 Rx1800 Firmware | 2024-12-03 | 8.8 High |
| An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. The allows attackers to execute arbitrary commands with root-level permissions. Device setup does not require this password to be changed during setup in order to utilize the device. (However, the TELNET password is dictated by the current GUI password.) | ||||
| CVE-2023-42860 | 1 Apple | 1 Macos | 2024-12-03 | 7.7 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system. | ||||
| CVE-2024-50650 | 1 Python Book | 1 Python Book | 2024-12-03 | 7.5 High |
| python_book V1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter. | ||||
| CVE-2024-50647 | 1 Python Food Ordering System | 1 Python Food Ordering System | 2024-12-03 | 7.5 High |
| The python_food ordering system V1.0 has an unauthorized vulnerability that leads to the leakage of sensitive user information. Attackers can access it through https://ip:port/api/myapp/index/user/info?id=1 And modify the ID value to obtain sensitive user information beyond authorization. | ||||
| CVE-2024-31695 | 1 Binance | 3 Btc, Crypto, Nfts | 2024-12-03 | 9.8 Critical |
| A misconfiguration in the fingerprint authentication mechanism of Binance: BTC, Crypto and NFTS v2.85.4, allows attackers to bypass authentication when adding a new fingerprint. | ||||
| CVE-2024-52732 | 1 Warehouse Management System Zeqp | 1 Warehouse Management System Zeqp | 2024-12-03 | 9.1 Critical |
| Incorrect access control in wms-Warehouse management system-zeqp v2.20.9.1 due to the token value of the zeqp system being reused. | ||||
| CVE-2024-45106 | 1 Apache | 1 Ozone | 2024-12-03 | 8.1 High |
| Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other user. This is only possible if: * ozone.s3g.secret.http.enabled is set to true. The default value of this configuration is false. * The user configured in ozone.s3g.kerberos.principal is also configured in ozone.s3.administrators or ozone.administrators. Users are recommended to upgrade to Apache Ozone version 1.4.1 which disables the affected endpoint. | ||||
| CVE-2018-0096 | 1 Cisco | 1 Prime Infrastructure | 2024-12-03 | N/A |
| A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration. The vulnerability is due to a failure to properly enforce RBAC for virtual domains. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to a targeted application. An exploit could allow the attacker to bypass RBAC policies on the targeted system to modify a virtual domain and access resources that are not normally accessible. Cisco Bug IDs: CSCvg36875. | ||||
| CVE-2018-0110 | 1 Cisco | 1 Webex Meetings Server | 2024-12-03 | N/A |
| A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which would not disable access to specifically configured user accounts, even after access had been disabled in the web application. An attacker could exploit this vulnerability by connecting to the remote support account, even after it had been disabled at the web application level. An exploit could allow the attacker to modify server configuration and gain access to customer data. Cisco Bug IDs: CSCvg46741. | ||||
| CVE-2024-47078 | 1 Meshtastic | 2 Firmware, Meshtastic Firmware | 2024-12-02 | 8.1 High |
| Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly via an internet connection or proxied through a connected phone (i.e., via bluetooth). Prior to version 2.5.1, multiple weaknesses in the MQTT implementation allow for authentication and authorization bypasses resulting in unauthorized control of MQTT-connected nodes. Version 2.5.1 contains a patch. | ||||
| CVE-2023-49239 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-02 | 7.5 High |
| Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-54124 | 1 Clickstudios | 1 Passwordstate | 2024-11-29 | 8.8 High |
| In Click Studios Passwordstate before build 9920, there is a potential permission escalation on the edit folder screen. | ||||
| CVE-2024-21287 | 1 Oracle | 2 Agile Plm Framework, Agile Product Lifecycle Management | 2024-11-29 | 7.5 High |
| Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
| CVE-2018-0269 | 1 Cisco | 1 Digital Network Architecture Center | 2024-11-29 | 4.3 Medium |
| A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. An exploit could allow the attacker to communicate with the API and exfiltrate sensitive information. Cisco Bug IDs: CSCvh99208. | ||||
| CVE-2018-0278 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-29 | 6.5 Medium |
| A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this vulnerability by convincing a user to visit a malicious website designed to send requests to the affected application while the user is logged into the application with an active session cookie. A successful exploit could allow the attacker to retrieve policy or configuration information from the affected software and to perform another attack against the management console. Cisco Bug IDs: CSCvh68311. | ||||
| CVE-2018-0338 | 1 Cisco | 1 Unified Computing System | 2024-11-29 | 7.8 High |
| A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected system. A successful exploit could allow the attacker to cause other users to execute unwanted arbitrary commands on the affected system. Cisco Bug IDs: CSCvf52994. | ||||
| CVE-2018-0337 | 1 Cisco | 15 Nexus 5000, Nexus 5010, Nexus 5020 and 12 more | 2024-11-29 | 7.8 High |
| A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected device. A successful exploit could allow the attacker to cause other users to execute unwanted, arbitrary commands on the affected device. Cisco Bug IDs: CSCvd06339, CSCvd15698, CSCvd36108, CSCvf52921, CSCvf52930, CSCvf52953, CSCvf52976. | ||||
| CVE-2023-37300 | 1 Mediawiki | 1 Mediawiki | 2024-11-27 | 5.3 Medium |
| An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users. | ||||
| CVE-2024-36037 | 2 Manageengine, Zohocorp | 2 Adaudit Plus, Manageengine Adaudit Plus | 2024-11-27 | 5.5 Medium |
| Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings. | ||||