
2214 matches found

Zero Day Initiative
added 2024/08/01 12:00 a.m. · 12 views

(0Day) ChargePoint Home Flex Bluetooth Low Energy Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging devices. User interaction is required to exploit this vulnerability. The specific flaw exists within the Wi-Fi setup logic. By connecting to the devic...

CVSS 2.6 · AI score 6.2 · EPSS 0.00042
Exploits 0

Positive Technologies
added 2024/08/01 12:00 a.m. · 6 views

PT-2024-20185 · Pioneers · Pioneer Dmh-Wt7600Nex

Name of the Vulnerable Software and Affected Versions: Pioneer DMH-WT7600NEX affected versions not specified
Description: This issue allows network-adjacent attackers to create a denial-of-service condition on affected installations. Authentication is not required to exploit this issue. The...

CVSS 6.5 · AI score 9.5 · EPSS 0.00103
Exploits 0 · References 5

Tenable Nessus
added 2024/07/29 12:00 a.m. · 16 views

Dahua Security Cameras Incorrect Default Permissions (CVE-2019-9682)

Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker c...

CVSS 8.1 · AI score 7.1 · EPSS 0.0042
Exploits 0 · References 2

Cvelist
added 2024/07/19 2:47 p.m. · 15 views

CVE-2024-6895 Insecure Account Profile Management

Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as passwor...

CVSS 6.1 · EPSS 0.00061
Exploits 0 · References 1

RedHat Linux
added 2024/07/17 10:45 p.m. · 3 views

OpenJDK: Excessive symbol length can lead to infinite loop (8319859)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....

CVSS 3.7 · AI score 7.4 · EPSS 0.00333
Exploits 0 · References 4

RedHat Linux
added 2024/07/17 10:53 a.m. · 4 views

OpenJDK: Pack200 increase loading time due to improper header validation (8322106)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Concurrency. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability...

CVSS 3.7 · AI score 7.4 · EPSS 0.00048
Exploits 0 · References 4

OSV
added 2024/07/16 11:15 p.m. · 3 views

AZL-50511 CVE-2024-21162 affecting package mysql for versions less than 8.0.40-1

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 4.9 · AI score 6.5 · EPSS 0.00182
Exploits 0 · References 1

OSV
added 2024/07/16 11:15 p.m. · 2 views

AZL-50468 CVE-2024-21130 affecting package mysql for versions less than 8.0.40-1

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 4.9 · AI score 7.3 · EPSS 0.00156
Exploits 0 · References 1

OSV
added 2024/07/16 11:15 p.m. · 1 views

UBUNTU-CVE-2024-21157

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.36 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4.9 · AI score 5.8 · EPSS 0.00218
Exploits 0 · References 3

Debian CVE
added 2024/07/16 10:39 p.m. · 12 views

CVE-2024-21125

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4.9 · AI score 5.8 · EPSS 0.00175
Exploits 0

Positive Technologies
added 2024/07/16 12:00 a.m. · 3 views

PT-2024-4994 · Oracle · Peoplesoft Enterprise Hcm Shared Components

Name of the Vulnerable Software and Affected Versions: PeopleSoft Enterprise HCM Shared Components version 9.2
Description: The issue is related to insufficient input validation in the Text Catalog component of PeopleSoft Enterprise HCM Shared Components. This easily exploitable vulnerability...

CVSS 5.5 · AI score 6.9 · EPSS 0.00198
Exploits 0 · References 8

Positive Technologies
added 2024/07/16 12:00 a.m. · 3 views

PT-2024-4995 · Oracle · Oracle Retail Xstore Office

Name of the Vulnerable Software and Affected Versions: Oracle Retail Xstore Office versions 19.0.5, 20.0.3, 20.0.4, 22.0.0, and 23.0.1
Description: The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Office, potentially resulting in...

CVSS 8.6 · AI score 8.6 · EPSS 0.39402
Exploits 0 · References 5

OSV
added 2024/07/10 12:15 p.m. · 20 views

CVE-2024-3799

Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reach...

CVSS 8.7 · AI score 6.2 · EPSS 0.00338
Exploits 0 · References 3

Tenable Nessus
added 2024/07/05 12:00 a.m. · 33 views

Juniper SSR Security Bypass (JSA83126)

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Only routers or conductors that are running i...

CVSS 10 · AI score 6 · EPSS 0.00024
Exploits 0 · References 2

Vulnrichment
added 2024/06/27 8:17 p.m. · 38 views

CVE-2024-2973 Session Smart Router(SSR): On redundant router deployments API authentication can be bypassed

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Only routers or conductors that are running i...

CVSS 10 · AI score 7.4 · EPSS 0.00024
Exploits 0 · References 2

NVD
added 2024/06/24 2:15 p.m. · 7 views

CVE-2024-37825

An issue in EnvisionWare Computer Access & Reservation Control SelfCheck v1.0 fixed in OneStop 3.2.0.27184 Hotfix May 2024 allows unauthenticated attackers on the same network to perform a directory traversal...

CVSS 5.4 · EPSS 0.00294
Exploits 0 · References 3

Veracode
added 2024/06/21 1:24 p.m. · 14 views

Server Side Request Forgery

@strapi/strapi is vulnerable to Server Side Request Forgery. The vulnerability is due to improper URL parameter validation within the /strapi.io/next/image endpoint, which allows an attacker to send requests to internal resources on the network...

CVSS 8.6 · AI score 6.8 · EPSS 0.00157
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2024/06/21 12:00 a.m. · 2 views

PT-2024-20205 · Alpine · Alpine Halo9

Name of the Vulnerable Software and Affected Versions: Alpine Halo9 affected versions not specified
Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious...

CVSS 8 · AI score 6.6 · EPSS 0.00127
Exploits 0 · References 10

Positive Technologies
added 2024/06/21 12:00 a.m. · 3 views

PT-2024-37480 · Wyze · Wyze Cam V3

Name of the Vulnerable Software and Affected Versions: Wyze Cam v3 affected versions not specified
Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. The specific flaw exists within the "run action batch" endpoi...

CVSS 7.5 · AI score 7.5 · EPSS 0.01984
Exploits 0 · References 5

Positive Technologies
added 2024/06/21 12:00 a.m. · 3 views

PT-2024-20522 · Silicon · Gecko Os

Name of the Vulnerable Software and Affected Versions: Silicon Labs Gecko OS affected versions not specified
Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. No authentication is required to exploit this issue...

CVSS 7.5 · AI score 6.8 · EPSS 0.00137
Exploits 0 · References 9