Skip to main content
CVE-2024-38510 HIGH This Week

A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-38509 HIGH This Week

A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Stack Overflow RCE
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-38508 HIGH This Week

A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-41691 HIGH This Week

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sy Gpon 1110 Wdont Firmware
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-41690 HIGH This Week

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of default username and password credentials in plaintext within the router's firmware/ database. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sy Gpon 1110 Wdont Firmware
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-41688 HIGH This Week

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due lack of encryption in storing of usernames and passwords within the router's firmware/ database. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sy Gpon 1110 Wdont Firmware
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2024-41685 MEDIUM This Month

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sy Gpon 1110 Wdont Firmware
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-41684 MEDIUM This Month

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing secure flag for the session cookies associated with the router's web management interface. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sy Gpon 1110 Wdont Firmware
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-41805 MEDIUM This Month

Tracks, a Getting Things Done (GTD) web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-37034 MEDIUM This Month

An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-42007 MEDIUM This Month

SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
5.8
EPSS
0.6%
CVE-2024-27357 MEDIUM This Month

An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2024-25090 MEDIUM This Month

Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Roller
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2024-7128 MEDIUM This Month

A flaw was found in the OpenShift console. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-41689 MEDIUM This Month

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/ WPS credentials within the router's firmware/ database. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sy Gpon 1110 Wdont Firmware
NVD
CVSS 4.0
5.2
EPSS
0.2%
CVE-2024-27358 LOW Monitor

An issue was discovered in WithSecure Elements Agent through 23.x for macOS and WithSecure Elements Client Security through 23.x for macOS. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-4786 LOW Monitor

An improper validation vulnerability was reported in the Lenovo Tab K10 that could allow a specially crafted application to keep the device on. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo
NVD
CVSS 3.1
2.8
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy