5.7
CVE-2024-46049 -
Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function.
7.8
CVE-2024-46713 - perf/aux: Fix AUX buffer serialization
In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it. Note that in the lock order comment the perf_event::mmap_โฆ
7.5
CVE-2024-8751 - Vulnerability in SICK MSC800
A vulnerability in the MSC800 allows an unauthenticated attacker to modify the productโs IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue.
8.6
CVE-2024-7961 - Rockwell Automation Path Traversal Vulnerability in Pavilion8ยฎ
A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution.
8.8
CVE-2024-7960 - Rockwell Automation Incorrect Privileges and Path Traversal Vulnerability in Pavilion8ยฎ
The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not.
7.7
CVE-2024-8533 - Rockwell Automation OptixPanelโข Privilege Escalation Vulnerability via File Permissions
A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges.
8.7
CVE-2024-6077 - Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogixยฎ 5380 Vulnerabโฆ
A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover.
5.8
CVE-2024-45607 - whatsapp-api-js fails to validate message's signature
whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. Incorrect Access Control, anyone using the post or verifyRequestSignature methoโฆ
7.3
CVE-2024-20430 - Cisco Meraki Systems Manager Agent for Windows Privilege Escalation Vulnerability
A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could explโฆ
6.5
CVE-2024-8311 - Improper Protection of Alternate Path in GitLab
An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.