11652 matches found
CVE-2024-7755
The EWON FLEXY 202 transmits credentials using a weak encoding method (base64). An attacker who is present in the network can sniff the traffic and decode the credentials...
CVE-2024-7755 HMS Networks EWON FLEXY 202 Insufficiently Protected Credentials
The EWON FLEXY 202 transmits credentials using a weak encoding method (base64). An attacker who is present in the network can sniff the traffic and decode the credentials...
CVE-2024-48180
ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in /class/cms/cms.php, which can include a file uploaded to the /class/template directory to execute PHP code...
CVE-2024-20280
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used fo...
CVE-2024-20280 Cisco UCS Central Software Configuration Backup Static Key Vulnerability
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used fo...
Cisco UCS Central Software Configuration Backup Information Disclosure Vulnerability
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used fo...
CVE-2024-48180
CVE-2024-48180 affects ClassCMS versions ≤ 4.8. The issue is a file inclusion in the nowView method of /class/cms/cms.php, which can include a file uploaded to /class/template, allowing PHP code execution. Documented impact indicates high confidentiality, integrity, and availability impact with a...
CVE-2024-47080
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions 9.11.0 through 34.7.0, the method MatrixClient.sendSharedHistoryKeys is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061 and is commonly used to...
Microarchitectural Cache Side-Channel Attacks
Bulletin ID: AMD-SB-7025 Potential Impact: N/A Severity: N/A Summary Researchers from Azure® Research, Microsoft® have provided to AMD a paper titled “Principled Microarchitectural Isolation on Cloud CPUs.” In their paper, the researchers describe a potential side-channel vulnerability on AMD CPU...
PT-2024-10192 · Laravel · Laravel Pulse
Name of the Vulnerable Software and Affected Versions: Laravel Pulse versions prior to 1.3.1 Description: Laravel Pulse is a real-time application performance monitoring tool and dashboard for Laravel applications. A vulnerability exists in the public remember method within the...
Siemens Simcenter Nastran Heap Buffer Overflow Vulnerability
Simcenter Nastran is a finite element method solver with computational performance, accuracy and reliability. A heap buffer overflow vulnerability exists in Siemens Simcenter Nastran, which can be exploited by an attacker to execute code in the context of the current process...
Siemens Simcenter Nastran Memory Corruption Vulnerability
Simcenter Nastran is a finite element method solver with computational performance, accuracy and reliability. A memory corruption vulnerability exists in Siemens Simcenter Nastran, which can be exploited by an attacker to execute code in the context of the current process...
MAL-2024-9195 Malicious code in updated-script-rainbow-six-siege-renown-method-unlimited-undetected-updated-2023-aaseax (npm)
Source: ghsa-malware e1e38a8e46fd7a50a4aa74b0c1f46075a329295be810eb70a479185500004b03 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-25286
...
CVE-2024-25284
...
CVE-2024-25284
CVE-2024-25284 concerns RedSys 3DSecure 2.0, specifically the 3DS Authorization Method. The vulnerability is a reflected Cross‑Site Scripting (XSS) in the threeDSMethod.jsp endpoint, caused by lack of sanitization of the threeDSMethodData parameter. This allows an attacker to inject arbitrary scr...
October 8, 2024—KB5044288 (OS Build 25398.1189)
October 8, 2024—KB5044288 OS Build 25398.1189 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...
GHSA-62CX-5XJ4-WFM4 ggit is vulnerable to Command Injection via the fetchTags(branch) API
All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec Node.js child process API...