Vulnerabilities (CVE)

Total 271657 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-43032 2024-08-23 N/A 4.3 MEDIUM
autMan v2.9.6 allows attackers to bypass authentication via a crafted web request.
CVE-2024-43031 2024-08-23 N/A 4.3 MEDIUM
autMan v2.9.6 was discovered to contain an access control issue.
CVE-2024-20450 1 Cisco 22 Spa 301 1 Line Ip Phone, Spa 301 Firmware, Spa 303 3 Line Ip Phone and 19 more 2024-08-23 N/A 9.8 CRITICAL
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level.
CVE-2024-20451 1 Cisco 22 Spa 301 1 Line Ip Phone, Spa 301 Firmware, Spa 303 3 Line Ip Phone and 19 more 2024-08-23 N/A 7.5 HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly. These vulnerabilities exist because HTTP packets are not properly checked for errors. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the remote interface of an affected device. A successful exploit could allow the attacker to cause a DoS condition on the device.
CVE-2024-20454 1 Cisco 22 Spa 301 1 Line Ip Phone, Spa 301 Firmware, Spa 303 3 Line Ip Phone and 19 more 2024-08-23 N/A 9.8 CRITICAL
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level.
CVE-2024-21877 1 Enphase 2 Iq Gateway, Iq Gateway Firmware 2024-08-23 N/A 6.5 MEDIUM
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endpoint requires authentication.This issue affects Envoy: from 4.x to 8.0 and < 8.2.4225.
CVE-2024-21876 1 Enphase 2 Iq Gateway, Iq Gateway Firmware 2024-08-23 N/A 9.1 CRITICAL
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unautheticated attacker to access or create arbitratry files.This issue affects Envoy: from 4.x to 8.x and < 8.2.4225.
CVE-2024-21878 1 Enphase 2 Iq Gateway, Iq Gateway Firmware 2024-08-23 N/A 9.8 CRITICAL
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script.This issue affects Envoy: from 4.x up to and including 8.x and is currently unpatched.
CVE-2024-21879 1 Enphase 2 Iq Gateway, Iq Gateway Firmware 2024-08-23 N/A 8.8 HIGH
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection.This issue affects Envoy: from 4.x to 8.x and < 8.2.4225.
CVE-2024-21880 1 Enphase 2 Iq Gateway, Iq Gateway Firmware 2024-08-23 N/A 7.2 HIGH
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection.This issue affects Envoy: 4.x <= 7.x
CVE-2024-42763 2024-08-23 N/A 5.4 MEDIUM
A Reflected Cross Site Scripting (XSS) vulnerability was found in the "/schedule.php" page of the Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the "bookingdate" parameter.
CVE-2024-40453 1 Squirrelly 1 Squirrelly 2024-08-23 N/A 9.8 CRITICAL
squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName.
CVE-2024-41675 1 Okfn 1 Ckan 2024-08-23 N/A 6.1 MEDIUM
CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN >= 2.7.0 with the datatables_view plugin activated. This is a plugin included in CKAN core, that not activated by default but it is widely used to preview tabular data. This vulnerability has been fixed in CKAN 2.10.5 and 2.11.0.
CVE-2024-41674 1 Okfn 1 Ckan 2024-08-23 N/A 5.3 MEDIUM
CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to package_search calls as part of the returned error message. This has been patched in CKAN 2.10.5 and 2.11.0.
CVE-2020-11847 1 Microfocus 1 Netiq Privileged Access Manager 2024-08-23 N/A 7.8 HIGH
SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.
CVE-2020-11846 1 Microfocus 1 Netiq Privileged Access Manager 2024-08-23 N/A 7.5 HIGH
A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1.
CVE-2020-11850 1 Microfocus 1 Netiq Self Service Password Reset 2024-08-23 N/A 6.1 MEDIUM
Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6
CVE-2024-6329 1 Gitlab 1 Gitlab 2024-08-23 N/A 7.5 HIGH
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded.
CVE-2024-4784 1 Gitlab 1 Gitlab 2024-08-23 N/A 5.4 MEDIUM
An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy.
CVE-2024-28972 1 Dell 1 Insightiq 2024-08-23 N/A 7.5 HIGH
Dell InsightIQ, Verion 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to information disclosure.