5.3
CVE-2024-31164 - NULL Pointer Dereference in libfluid_msg library
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::ActionList::unpack13. This issue affects libfluid: 0.1.0.
5.3
CVE-2024-23916 - NULL Pointer Dereference in libfluid_msg library
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::ActionSet::unpack. This issue affects libfluid: 0.1.0.
5.3
CVE-2024-23915 - NULL Pointer Dereference in libfluid_msg library
Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::of13::InstructionSet::unpack. This issue affects libfluid: 0.1.0.
5.3
CVE-2024-8891 - Exposure of Private Personal Information to an Unauthorized Actor vulnerability on CIRCUTOR Q-SMT
An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4.
8
CVE-2024-8890 - Insertion of Sensitive Information Into Sent Data vulnerability on CIRCUTOR Q-SMT
An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being established.
5.3
CVE-2024-8892 - Uncontrolled Resource Consumption vulnerability on CIRCUTOR TCP2RS+
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the devicβ¦
9.3
CVE-2024-8889 - Improper Input Validation vulnerability on CIRCUTOR TCP2RS+
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the devicβ¦
10
CVE-2024-8888 - Insufficient Session Expiration vulnerability on CIRCUTOR Q-SMT
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network captβ¦
6.9
CVE-2024-5682 - User Enumeration in Yordam Information Technology's Yordam Library Automation System
Improper Restriction of Excessive Authentication Attempts vulnerability in Yordam Information Technology Yordam Library Automation System allows Interface Manipulation.This issue affects Yordam Library Automation System: before 20.1.
8.5
CVE-2024-6406 - Sensetive Data Exposure in Yordam Information Technology's Mobile Library Application
Missing Authentication for Critical Function, Missing Authorization vulnerability in Yordam Information Technology Mobile Library Application allows Retrieve Embedded Sensitive Data.This issue affects Mobile Library Application: before 5.0.