Total
271657 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-43032 | 2024-08-23 | N/A | 4.3 MEDIUM | ||
autMan v2.9.6 allows attackers to bypass authentication via a crafted web request. | |||||
CVE-2024-43031 | 2024-08-23 | N/A | 4.3 MEDIUM | ||
autMan v2.9.6 was discovered to contain an access control issue. | |||||
CVE-2024-20450 | 1 Cisco | 22 Spa 301 1 Line Ip Phone, Spa 301 Firmware, Spa 303 3 Line Ip Phone and 19 more | 2024-08-23 | N/A | 9.8 CRITICAL |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level. | |||||
CVE-2024-20451 | 1 Cisco | 22 Spa 301 1 Line Ip Phone, Spa 301 Firmware, Spa 303 3 Line Ip Phone and 19 more | 2024-08-23 | N/A | 7.5 HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly. These vulnerabilities exist because HTTP packets are not properly checked for errors. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the remote interface of an affected device. A successful exploit could allow the attacker to cause a DoS condition on the device. | |||||
CVE-2024-20454 | 1 Cisco | 22 Spa 301 1 Line Ip Phone, Spa 301 Firmware, Spa 303 3 Line Ip Phone and 19 more | 2024-08-23 | N/A | 9.8 CRITICAL |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level. | |||||
CVE-2024-21877 | 1 Enphase | 2 Iq Gateway, Iq Gateway Firmware | 2024-08-23 | N/A | 6.5 MEDIUM |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endpoint requires authentication.This issue affects Envoy: from 4.x to 8.0 and < 8.2.4225. | |||||
CVE-2024-21876 | 1 Enphase | 2 Iq Gateway, Iq Gateway Firmware | 2024-08-23 | N/A | 9.1 CRITICAL |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unautheticated attacker to access or create arbitratry files.This issue affects Envoy: from 4.x to 8.x and < 8.2.4225. | |||||
CVE-2024-21878 | 1 Enphase | 2 Iq Gateway, Iq Gateway Firmware | 2024-08-23 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script.This issue affects Envoy: from 4.x up to and including 8.x and is currently unpatched. | |||||
CVE-2024-21879 | 1 Enphase | 2 Iq Gateway, Iq Gateway Firmware | 2024-08-23 | N/A | 8.8 HIGH |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection.This issue affects Envoy: from 4.x to 8.x and < 8.2.4225. | |||||
CVE-2024-21880 | 1 Enphase | 2 Iq Gateway, Iq Gateway Firmware | 2024-08-23 | N/A | 7.2 HIGH |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection.This issue affects Envoy: 4.x <= 7.x | |||||
CVE-2024-42763 | 2024-08-23 | N/A | 5.4 MEDIUM | ||
A Reflected Cross Site Scripting (XSS) vulnerability was found in the "/schedule.php" page of the Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the "bookingdate" parameter. | |||||
CVE-2024-40453 | 1 Squirrelly | 1 Squirrelly | 2024-08-23 | N/A | 9.8 CRITICAL |
squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName. | |||||
CVE-2024-41675 | 1 Okfn | 1 Ckan | 2024-08-23 | N/A | 6.1 MEDIUM |
CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN >= 2.7.0 with the datatables_view plugin activated. This is a plugin included in CKAN core, that not activated by default but it is widely used to preview tabular data. This vulnerability has been fixed in CKAN 2.10.5 and 2.11.0. | |||||
CVE-2024-41674 | 1 Okfn | 1 Ckan | 2024-08-23 | N/A | 5.3 MEDIUM |
CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to package_search calls as part of the returned error message. This has been patched in CKAN 2.10.5 and 2.11.0. | |||||
CVE-2020-11847 | 1 Microfocus | 1 Netiq Privileged Access Manager | 2024-08-23 | N/A | 7.8 HIGH |
SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1. | |||||
CVE-2020-11846 | 1 Microfocus | 1 Netiq Privileged Access Manager | 2024-08-23 | N/A | 7.5 HIGH |
A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1. | |||||
CVE-2020-11850 | 1 Microfocus | 1 Netiq Self Service Password Reset | 2024-08-23 | N/A | 6.1 MEDIUM |
Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6 | |||||
CVE-2024-6329 | 1 Gitlab | 1 Gitlab | 2024-08-23 | N/A | 7.5 HIGH |
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded. | |||||
CVE-2024-4784 | 1 Gitlab | 1 Gitlab | 2024-08-23 | N/A | 5.4 MEDIUM |
An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy. | |||||
CVE-2024-28972 | 1 Dell | 1 Insightiq | 2024-08-23 | N/A | 7.5 HIGH |
Dell InsightIQ, Verion 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to information disclosure. |