Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49579 | 1 Jetbrains | 1 Youtrack | 2024-11-14 | 8.1 High |
| In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests | ||||
| CVE-2024-10460 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2024-10-31 | 5.4 Medium |
| The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. | ||||
| CVE-2024-49214 | 2024-10-29 | 5.3 Medium | ||
| QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality. | ||||
| CVE-2023-51440 | 1 Siemens | 8 Cp 343-1, Cp 343-1 Firmware, Cp 343-1 Lean and 5 more | 2024-10-18 | 7.5 High |
| A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial of service condition by injecting spoofed TCP RST packets. | ||||
| CVE-2023-48387 | 1 Twca | 1 Jcicsecuritytool | 2024-10-14 | 8.8 High |
| TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool and has completed identity verification, if the user browses a malicious webpage created by an attacker, the attacker can exploit this vulnerability to read or modify any registry file under HKEY_CURRENT_USER, thereby achieving remote code execution. | ||||
| CVE-2023-41355 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2024-10-14 | 9.8 Critical |
| Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive information leaking. | ||||
| CVE-2024-20390 | 1 Cisco | 2 Ios Xr, Ios Xr Software | 2024-10-07 | 5.3 Medium |
| A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could exploit this vulnerability by sending a sustained, crafted stream of XML traffic to a targeted device. A successful exploit could allow the attacker to cause XML TCP port 38751 to become unreachable while the attack traffic persists. | ||||
| CVE-2024-47176 | 2 Openprinting, Redhat | 7 Cups, Enterprise Linux, Rhel Aus and 4 more | 2024-10-02 | 5.3 Medium |
| CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to. | ||||
| CVE-2023-3663 | 1 Codesys | 1 Development System | 2024-10-02 | 8.8 High |
| In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server. | ||||
| CVE-2023-41094 | 1 Silabs | 1 Emberznet | 2024-09-26 | 10 Critical |
| TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected | ||||
| CVE-2024-1621 | 1 Nt-ware | 3 Uniflow Online, Uniflow Online Print \& Scan, Uniflow Smartclient | 2024-09-17 | 7.5 High |
| The registration process of uniFLOW Online (NT-ware product) apps, prior to and including version 2024.1.0, can be compromised when email login is enabled on the tenant. Those tenants utilising email login in combination with Microsoft Safe Links or similar are impacted. This vulnerability may allow the attacker to register themselves against a genuine user in the system and allow malicious users with similar access and capabilities via the app to the existing genuine user. | ||||
| CVE-2024-38886 | 1 Horizoncloud | 1 Caterease | 2024-09-10 | 9.8 Critical |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel. | ||||
| CVE-2023-7004 | 2024-08-26 | 6.5 Medium | ||
| The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate locks integrity. | ||||
| CVE-2024-37662 | 2024-08-14 | 6.3 Medium | ||
| TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the router. | ||||
| CVE-2021-41038 | 1 Eclipse | 1 Theia | 2024-08-04 | 6.1 Medium |
| In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage(). | ||||
| CVE-2022-4848 | 1 Usememos | 1 Memos | 2024-08-03 | 5.7 Medium |
| Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4800 | 1 Usememos | 1 Memos | 2024-08-03 | 6.5 Medium |
| Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2024-40515 | 1 Tendacn | 1 Ax2 Pro | 2024-08-02 | 9.8 Critical |
| An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.48_cn allows a remote attacker to execute arbitrary code via the Routing functionality. | ||||
| CVE-2024-40516 | 1 H3c | 1 Rc3000 Firmware | 2024-08-02 | 8.8 High |
| An issue in H3C Technologies Co., Limited H3C Magic RC3000 RC3000V100R009 allows a remote attacker to execute arbitrary code via the Routing functionality. | ||||
| CVE-2024-40503 | 1 Tenda | 1 Ax12 Firmware | 2024-08-02 | 6.5 Medium |
| An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling. | ||||