Total
271627 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38119 | 2024-11-26 | 6.1 Medium | ||
| Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. | ||||
| CVE-2021-38118 | 2024-11-26 | 5.5 Medium | ||
| Possible improper input validation Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. | ||||
| CVE-2024-50358 | 2024-11-26 | 7.2 High | ||
| A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by authenticated users by restoring a tampered configuration backup. | ||||
| CVE-2024-50359 | 1 Advantech | 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware | 2024-11-26 | 7.2 High |
| A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "scan_ap" API which are not properly sanitized before being concatenated to OS level commands. | ||||
| CVE-2024-50360 | 1 Advantech | 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware | 2024-11-26 | 7.2 High |
| A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "snmp_apply" API which are not properly sanitized before being concatenated to OS level commands. | ||||
| CVE-2024-50366 | 1 Advantech | 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware | 2024-11-26 | 7.2 High |
| A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "applications_apply" API which are not properly sanitized before being concatenated to OS level commands. | ||||
| CVE-2024-50368 | 2024-11-26 | 7.2 High | ||
| A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "basic_htm" API which are not properly sanitized before being concatenated to OS level commands. | ||||
| CVE-2024-50369 | 2024-11-26 | 7.2 High | ||
| A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "multiple_ssid_htm" API which are not properly sanitized before being concatenated to OS level commands. | ||||
| CVE-2024-50370 | 2024-11-26 | 9.8 Critical | ||
| A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "cfg_cmd_set_eth_conf" operation. | ||||
| CVE-2024-50371 | 1 Advantech | 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware | 2024-11-26 | 9.8 Critical |
| A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "wlan_scan" operation. | ||||
| CVE-2024-50372 | 1 Advantech | 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware | 2024-11-26 | 9.8 Critical |
| A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "backup_config_to_utility" operation. | ||||
| CVE-2024-50373 | 1 Advantech | 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware | 2024-11-26 | 9.8 Critical |
| A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "restore_config_from_utility" operation. | ||||
| CVE-2024-50374 | 1 Advantech | 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware | 2024-11-26 | 9.8 Critical |
| A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "capture_packages" operation. | ||||
| CVE-2024-50375 | 1 Advantech | 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware | 2024-11-26 | 9.8 Critical |
| A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point. | ||||
| CVE-2024-50377 | 1 Advantech | 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware | 2024-11-26 | 6.5 Medium |
| A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability is associated to the backup configuration functionality that by default encrypts the archives using a static password. | ||||
| CVE-2024-10863 | 2024-11-26 | N/A | ||
| : Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation.This issue affects Secure Content Manager: from 10.1 before <24.4. End-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side. | ||||
| CVE-2024-39576 | 1 Dell | 1 Power Manager | 2024-11-26 | 8.8 High |
| Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges. | ||||
| CVE-2024-52793 | 2024-11-26 | N/A | ||
| The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, `http/file-server`'s `serveDir` with `showDirListing: true` option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file names. Exploitation might also be possible on other systems but less trivial due to e.g. lack of file name support for `<>` in Windows. Version 1.0.11 fixes the issue. | ||||
| CVE-2024-10344 | 1 Perforce | 1 Helix Core | 2024-11-26 | N/A |
| In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol Więsek. | ||||
| CVE-2024-6606 | 1 Mozilla | 1 Firefox | 2024-11-26 | 9.8 Critical |
| Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 128 and Thunderbird < 128. | ||||