ReportizFlow
Filtered by vendor
Subscriptions
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21421 | 1 Microsoft | 1 Azure Software Development Kit | 2024-12-31 | 7.5 High |
| Azure SDK Spoofing Vulnerability | ||||
| CVE-2024-11948 | 1 Gfi | 1 Archiver | 2024-12-13 | 9.8 Critical |
| GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Telerik Web UI. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-24041. | ||||
| CVE-2024-6121 | 1 Ni | 2 Flexlogger, Systemlink | 2024-11-21 | 7.8 High |
| An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service. | ||||
| CVE-2024-5246 | 2024-11-21 | 8.8 High | ||
| NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Apache Tomcat. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22868. | ||||
| CVE-2024-38526 | 2024-11-21 | 0 Low | ||
| pdoc provides API Documentation for Python Projects. Documentation generated with `pdoc --math` linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1. | ||||
| CVE-2024-32753 | 2024-11-21 | N/A | ||
| Under certain circumstances the camera may be susceptible to known vulnerabilities associated with the JQuery versions prior to 3.5.0 third-party component | ||||
| CVE-2024-0552 | 1 Intumit | 2 Smartrobot, Smartrobot Firmware | 2024-11-21 | 9.8 Critical |
| Intumit inc. SmartRobot's web framwork has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote server. | ||||
| CVE-2023-5332 | 2 Gitlab, Hashicorp | 2 Gitlab, Consul | 2024-11-21 | 5.9 Medium |
| Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE. | ||||
| CVE-2024-45399 | 1 Cern | 1 Indico | 2024-09-24 | 4.3 Medium |
| Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.5.5, there is a Cross-Site-Scripting vulnerability during account creation when redirecting to the `next` URL. Exploitation requires initiating the account creation process with a maliciously crafted link, and then finalizing the signup process. Because of this, it can only target newly created (and thus unprivileged) Indico users. Indico 3.3.4 upgrades the dependency on Flask-Multipass to version 0.5.5, which fixes the issue. Those who build the Indico package themselves and cannot upgrade can update the `flask-multipass` dependency to `>=0.5.5` which fixes the vulnerability. Otherwise one could configure one's web server to disallow requests containing a query string with a `next` parameter that starts with `javascript:`. | ||||
Page 1 of 1.