Search Results (362966 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-28798 1 Ibm 1 Infosphere Information Server 2024-11-21 7.2 High
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287172.
CVE-2024-28797 1 Ibm 1 Infosphere Information Server 2024-11-21 6.4 Medium
IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287136.
CVE-2024-28796 1 Ibm 1 Rational Clearquest 2024-11-21 6.4 Medium
IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286833.
CVE-2024-28795 1 Ibm 1 Infosphere Information Server 2024-11-21 5.4 Medium
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286832.
CVE-2024-28794 1 Ibm 1 Infosphere Information Server 2024-11-21 5.4 Medium
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286831.
CVE-2024-28772 1 Ibm 4 Security Directory Integrator, Security Directory Server, Security Verify Access and 1 more 2024-11-21 6.8 Medium
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645.
CVE-2024-28553 1 Tenda 1 Ac18 Firmware 2024-11-21 9.8 Critical
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function.
CVE-2024-28535 1 Tenda 1 Ac18 Firmware 2024-11-21 8 High
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function.
CVE-2024-28200 1 N-able 1 N-central 2024-11-21 9.1 Critical
The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.
CVE-2024-28164 1 Sap 1 Netweaver Application Server Java 2024-11-21 5.3 Medium
SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted causing low impact on confidentiality of the application.
CVE-2024-28120 2024-11-21 6.5 Medium
codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus impersonate the user on the backend autocomplete server. This issue has not been addressed. Users are advised to monitor the usage of their API key.
CVE-2024-28115 1 Amazon 1 Freertos 2024-11-21 8.8 High
FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.
CVE-2024-28074 1 Solarwinds 1 Access Rights Manager 2024-11-21 9.6 Critical
It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able to bypass these and use a different method to exploit the vulnerability.
CVE-2024-28067 1 Samsung 2 Exynos Modem 5300, Exynos Modem 5300 Firmware 2024-11-21 5.3 Medium
A vulnerability in Samsung Exynos Modem 5300 allows a Man-in-the-Middle (MITM) attacker to downgrade the security mode of packets going to the victim, enabling the attacker to send messages to the victim in plaintext.
CVE-2024-28052 2 Level1, Levelone 3 Wbr-6012, Wbr-6012 Firmware, Wbr-6012 2024-11-21 5.3 Medium
The WBR-6012 is a wireless SOHO router. It is a low-cost device which functions as an internet gateway for homes and small offices while aiming to be easy to configure and operate. In addition to providing a WiFi access point, the device serves as a 4-port wired router and implements a variety of common SOHO router capabilities such as port forwarding, quality-of-service, web-based administration, a DHCP server, a basic DMZ, and UPnP capabilities.
CVE-2024-28029 1 Deltaww 1 Diaenergie 2024-11-21 8.8 High
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.
CVE-2024-28024 2 Hitachi Energy, Hitachienergy 4 Foxman-un, Unem, Foxman-un and 1 more 2024-11-21 4.1 Medium
A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere.
CVE-2024-28021 1 Hitachienergy 3 Foxman-un, Foxman Un, Unem 2024-11-21 7.4 High
A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality and integrity.
CVE-2024-28020 1 Hitachienergy 2 Foxman-un, Unem 2024-11-21 8 High
A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the passwords and login information through complex routines to extend access on the server and other services.
CVE-2024-27903 1 Openvpn 1 Openvpn 2024-11-21 9.8 Critical
OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.