6.8

CVSS3.1

CVE-2024-41711 -

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an unauthenticated attacker with physical access to the phone to conduct an argument injection attack, due to insufficient parameter saโ€ฆ

๐Ÿ“… Published: Aug. 13, 2024, midnight ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.8

CVSS3.1

CVE-2024-42736 -

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.

๐Ÿ“… Published: Aug. 13, 2024, midnight ๐Ÿ”„ Last Modified: April 4, 2025, 2:35 p.m.

6.5

CVSS3.1

CVE-2024-42368 - open-telemetry has an Observable Timing Discrepancy

OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. The bearertokenauth extension's server authenticator performs a simple, non-constant time string compโ€ฆ

๐Ÿ“… Published: Aug. 13, 2024, midnight ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.8

CVSS3.1

CVE-2024-42740 -

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

๐Ÿ“… Published: Aug. 13, 2024, midnight ๐Ÿ”„ Last Modified: April 4, 2025, 2:35 p.m.

4.8

CVSS3.1

CVE-2024-41614 -

symphonycms <=2.7.10 is vulnerable to Cross Site Scripting (XSS) in the Comment component for articles.

๐Ÿ“… Published: Aug. 13, 2024, midnight ๐Ÿ”„ Last Modified: March 18, 2025, 8:15 p.m.

9.8

CVSS3.1

CVE-2024-42737 -

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.

๐Ÿ“… Published: Aug. 13, 2024, midnight ๐Ÿ”„ Last Modified: Aug. 13, 2024, 6:35 p.m.

8.8

CVSS3.1

CVE-2024-42739 -

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

๐Ÿ“… Published: Aug. 13, 2024, midnight ๐Ÿ”„ Last Modified: Aug. 14, 2024, 3:35 p.m.

8.8

CVSS3.1

CVE-2024-36446 -

The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control. A successful exploit could allow an attacker to bypass the authorization schema.

๐Ÿ“… Published: Aug. 13, 2024, midnight ๐Ÿ”„ Last Modified: March 25, 2025, 5:15 p.m.

8.8

CVSS3.1

CVE-2024-42738 -

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

๐Ÿ“… Published: Aug. 13, 2024, midnight ๐Ÿ”„ Last Modified: Aug. 14, 2024, 4:35 p.m.

6.1

CVSS3.1

CVE-2024-41613 -

A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note.

๐Ÿ“… Published: Aug. 13, 2024, midnight ๐Ÿ”„ Last Modified: Aug. 14, 2024, 6:13 p.m.
Total resulsts: 349182
Page 8888 of 34,919
ยซ previous page ยป next page
Filters