4.8
CVE-2024-22247 -
VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to access the BIOS configuration. In addition, the malicious actor may be β¦
7.4
CVE-2024-22246 -
VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. A malicious actor with local access to the Edge Router UI during activation may be able to perform a command injection attack that could lead to full control of the routerβ¦
7.7
CVE-2024-30248 - Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page
Piccolo Admin is an admin interface/content management system for Python, built on top of Piccolo. Piccolo's admin panel allows media files to be uploaded. As a default, SVG is an allowed file type for upload. An attacker can upload an SVG which when loaded can allow arbitrary access to the admin pβ¦
5.3
CVE-2023-50313 - IBM WebSphere Application Server information disclosure
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812.
10
CVE-2024-2389 - Flowmon Unauthenticated Command Injection Vulnerability
In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified.Β An unauthenticated userΒ can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.
7.2
CVE-2024-29949 -
There is a command injection vulnerability in some Hikvision NVRs. This could allow an authenticated user with administrative rights to execute arbitrary commands.
3.8
CVE-2024-29948 -
There is an out-of-bounds read vulnerability in some Hikvision NVRs. An authenticated attacker could exploit this vulnerability by sending specially crafted messages to a vulnerable device, causing a service abnormality.
2.7
CVE-2024-29947 -
There is a NULL dereference pointer vulnerability in some Hikvision NVRs. Due to an insufficient validation of a parameter in a message, an attacker may send specially crafted messages to an affected product, causing a process abnormality.
6.8
CVE-2023-51456 -
A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to trigger an out-of-bound read/write into the process memory through a crafted payload due to a missing input sanity check in the v2_pack_array_to_msg funcβ¦
6.8
CVE-2023-51455 -
A Improper Validation of Array Index issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to corrupt a controlled memory location due to a missing input validation in the on_receive_session_packet_ack function implemented in the libv2_sdβ¦