CVE-2024-23970
CVE-2024-23970 affects ChargePoint Home Flex devices. The flaw is in the TLS certificate validation via the CURLOPT_SSL_VERIFYHOST setting, with improper validation of the server’s certificate. This enables network-adjacent attackers to compromise transport security and, per reported details, cou...
CVE-2024-23969
ChargePoint Home Flex devices are affected by CVE-2024-23969 due to an out-of-bounds write in the wlanchnllst function caused by improper validation of user-supplied data. This vulnerability can allow network-adjacent attackers to execute arbitrary code with root privileges, and authentication is...
CVE-2024-11944 iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability
iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. T...
A vulnerability in the DeviceManager component of the Visteon Infotainment automotive application platform allows an attacker to execute arbitrary SQL code within the root context.
A vulnerability in the DeviceManager component of the Visteon Infotainment automotive application platform stems from a lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL code within the root context...
CVE-2024-8808
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this vulnerability. The specific flaw exists within the web...
CVE-2024-8809 Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this vulnerability. The specific flaw exists within the web...
CVE-2024-6249
Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The...
CVE-2024-5720
Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing...
CVE-2023-51635
NETGEAR RAX30 fingdil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2024-5720 Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability
Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing...
CVE-2024-5717 Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability
Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing...
Cisco Small Business Multiple Products Security Vulnerability
Cisco Small Business Routers is a router device from Cisco. A security vulnerability exists in the Cisco Small Business web interface, which can be exploited by an authenticated remote attacker with web administrative privileges to submit a special request that can be used in a root context to...
CVE-2024-23924
Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The...
CVE-2024-23923
Alpine Halo9 prhl2sardataind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists...
CVE-2024-23924 Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability
Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The...
GHSA-7GQ2-VWQ9-W8VW Eclipse Glassfish URL redirection vulnerability
In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability CVE-2023-41080 in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the ro...
Eclipse Glassfish URL redirection vulnerability
In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability CVE-2023-41080 in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the ro...
CVE-2024-8646
In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability CVE-2023-41080 in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the ro...
CVE-2024-8646
CVE-2024-8646 — Eclipse GlassFish prior to 7.0.10 suffers a URL redirection vulnerability to untrusted sites. The flaw stems from CVE-2023-41080 embedded in the Apache code used by GlassFish and only affects applications deployed to the root context ‘/’. Public details in the connected documents ...
CVE-2024-8646 Eclipse Glassfish: URL redirection vulnerability to untrusted sites
In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability CVE-2023-41080 in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the ro...