Search Results (2556 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-8630 1 Alisonic 2 Sibylla, Sibylla Firmware 2024-10-16 9.4 Critical
Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database.
CVE-2024-47832 1 Ssoready 1 Ssoready 2024-10-11 N/A
ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of SSOReady, are unaffected. We advise folks who self-host SSOReady to upgrade to 7f92a06 or later. Do so by updating your SSOReady Docker images from sha-... to sha-7f92a06. There are no known workarounds for this vulnerability.
CVE-2024-43699 1 Deltaww 1 Diaenergie 2024-10-08 9.8 Critical
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product.
CVE-2024-45823 1 Rockwellautomation 1 Factorytalk Batch View 2024-10-02 8.1 High
CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication.
CVE-2024-43693 1 Doverfuelingsolutions 6 Maglink Lx4 Console, Maglink Lx Console, Progauge Maglink Lx4 Console and 3 more 2024-10-01 10 Critical
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands.
CVE-2024-43692 1 Doverfuelingsolutions 6 Maglink Lx4 Console, Maglink Lx Console, Progauge Maglink Lx4 Console and 3 more 2024-10-01 9.8 Critical
An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly.
CVE-2024-45066 1 Doverfuelingsolutions 6 Maglink Lx4 Console, Maglink Lx Console, Progauge Maglink Lx4 Console and 3 more 2024-10-01 10 Critical
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.
CVE-2024-43423 1 Doverfuelingsolutions 6 Maglink Lx4 Console, Maglink Lx Console, Progauge Maglink Lx4 Console and 3 more 2024-10-01 9.8 Critical
The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.
CVE-2024-45861 2 Kastle, Kastlesystems 3 Access Control System, Access Control System Firmware, Access Control System Firmware 2024-09-30 7.5 High
Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information.
CVE-2024-6800 1 Github 1 Enterprise Server 2024-09-30 9.8 Critical
An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program.
CVE-2024-8606 1 Checkmk 1 Checkmk 2024-09-30 8.8 High
Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication
CVE-2024-47088 1 Apexsoftcell 2 Ld Dp Back Office, Ld Geo 2024-09-26 9.8 Critical
This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on login OTP, which could lead to gain unauthorized access to other user accounts.
CVE-2024-8752 3 Beijerelectronics, Microsoft, Smart-hmi 3 Webiq, Windows, Webiq 2024-09-20 7.5 High
The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system.
CVE-2024-45790 1 Reedos 1 Aim-star 2024-09-18 9.8 Critical
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user passwords, which could lead to gain unauthorized access and compromise other user accounts.
CVE-2024-8695 1 Docker 2 Desktop, Docker Desktop 2024-09-13 9.8 Critical
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.
CVE-2024-23497 1 Intel 2 Ethernet 800 Series Controllers Driver, Ethernet Complete Driver Pack 2024-09-12 8.8 High
Out-of-bounds write in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-8580 1 Totolink 3 Ac1200 T8 Firmware, T8, T8 Firmware 2024-09-10 8.1 High
A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-5991 1 Wolfssl 1 Wolfssl 2024-09-06 7.5 High
In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0.
CVE-2024-23981 1 Intel 2 Ethernet 800 Series Controllers Driver, Ethernet Complete Driver Pack 2024-09-06 8.8 High
Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-24986 1 Intel 2 Ethernet 800 Series Controllers Driver, Ethernet Complete Driver Pack 2024-09-06 8.8 High
Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.