5.4
CVE-2024-21990 - Default Privileged Account Credentials Vulnerability in ONTAP Select Deploy administration utility
ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials.
8.1
CVE-2024-21989 - Privilege Escalation Vulnerability in ONTAP Select Deploy administration utility
ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when successfully exploited could allow a read-only user to escalate their privileges.
5.7
CVE-2024-29951 - Brocade SANnav has weak encryption in internal SSH ports
Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection.
8.3
CVE-2024-3323 - Reflected Cross Site Scripting (XSS) vulnerability
Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, enti…
7.5
CVE-2024-29950 - Brocade SANnav before v2.3.1, v2.3.0a uses weak encryption
The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack.
8.8
CVE-2024-3914 -
Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.4
CVE-2024-28073 - SolarWinds Serv-U Directory Traversal Remote Code Execution Vulnerability
SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited.
5.9
CVE-2023-5407 -
Controller denial of service due to improper handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning.
5.9
CVE-2023-5406 -
Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. See Honeywell Security Notification for recommendations on upgrading and versioning.
5.9
CVE-2023-5405 -
Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.