Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-8119 | 3 Fedoraproject, Netcf Project, Redhat | 3 Fedora, Netcf, Enterprise Linux | 2024-08-06 | N/A |
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. | ||||
CVE-2020-25162 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2024-08-04 | 7.5 High |
A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges. | ||||
CVE-2023-36429 | 1 Microsoft | 1 Dynamics 365 | 2024-08-02 | 6.5 Medium |
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | ||||
CVE-2023-36433 | 1 Microsoft | 1 Dynamics 365 | 2024-08-02 | 6.5 Medium |
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | ||||
CVE-2023-24922 | 1 Microsoft | 1 Dynamics 365 | 2024-08-02 | 6.5 Medium |
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | ||||
CVE-2024-39565 | 1 Juniper | 1 Junos Os | 2024-08-02 | 8.8 High |
An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device. While an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. In the worst case, the attacker will have full control over the device. This issue affects Junos OS: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S7, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2, * from 23.4 before 23.4R1-S1, 23.4R2. | ||||
CVE-2024-2648 | 2024-08-01 | 4.3 Medium | ||
A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /nac/naccheck.php. The manipulation of the argument username leads to improper neutralization of data within xpath expressions. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257286 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-2645 | 2024-08-01 | 4.3 Medium | ||
A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /vpnweb/resetpwd/resetpwd.php. The manipulation of the argument UserId leads to improper neutralization of data within xpath expressions. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257283. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
Page 1 of 1.