7.8

CVSS3.1

CVE-2024-2747 -

CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine.

๐Ÿ“… Published: June 12, 2024, 5:12 p.m. ๐Ÿ”„ Last Modified: Nov. 21, 2024, 9:10 a.m.

0.0

CVE-2024-2230 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

๐Ÿ“… Published: June 12, 2024, 5:03 p.m. ๐Ÿ”„ Last Modified: June 12, 2024, 6:15 p.m.

5.4

CVSS3.1

CVE-2024-37040 -

CWE-120: Buffer Copy without Checking Size of Input (โ€˜Classic Buffer Overflowโ€™) vulnerability exists that could allow a user with access to the deviceโ€™s web interface to cause a fault on the device when sending a malformed HTTP request.

๐Ÿ“… Published: June 12, 2024, 4:56 p.m. ๐Ÿ”„ Last Modified: Nov. 21, 2024, 9:23 a.m.

5.9

CVSS3.1

CVE-2024-37039 -

CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request.

๐Ÿ“… Published: June 12, 2024, 4:54 p.m. ๐Ÿ”„ Last Modified: Nov. 21, 2024, 9:23 a.m.

7.5

CVSS3.1

CVE-2024-37038 -

CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the deviceโ€™s web interface to perform unauthorized file and firmware uploads when crafting custom web requests.

๐Ÿ“… Published: June 12, 2024, 4:51 p.m. ๐Ÿ”„ Last Modified: Nov. 21, 2024, 9:23 a.m.

8.1

CVSS3.1

CVE-2024-37037 -

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (โ€˜Path Traversalโ€™) vulnerability exists that could allow an authenticated user with access to the deviceโ€™s web interface to corrupt files and impact device functionality when sending a crafted HTTP request.

๐Ÿ“… Published: June 12, 2024, 4:50 p.m. ๐Ÿ”„ Last Modified: Nov. 21, 2024, 9:23 a.m.

9.8

CVSS3.1

CVE-2024-37036 -

CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set.

๐Ÿ“… Published: June 12, 2024, 4:48 p.m. ๐Ÿ”„ Last Modified: Nov. 21, 2024, 9:23 a.m.

5.3

CVSS3.1

CVE-2024-5560 -

CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the deviceโ€™s web interface when an attacker sends a specially crafted HTTP request.

๐Ÿ“… Published: June 12, 2024, 4:45 p.m. ๐Ÿ”„ Last Modified: Nov. 21, 2024, 9:47 a.m.

5.3

CVSS4.0

CVE-2024-5898 - itsourcecode Payroll Management System print_payroll.php sql injection

A vulnerability was found in itsourcecode Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file print_payroll.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has beโ€ฆ

๐Ÿ“… Published: June 12, 2024, 4:31 p.m. ๐Ÿ”„ Last Modified: Nov. 21, 2024, 9:48 a.m.

6.8

CVSS4.0

CVE-2024-5909 - Cortex XDR Agent: Local Windows User Can Disable the Agent

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.

๐Ÿ“… Published: June 12, 2024, 4:29 p.m. ๐Ÿ”„ Last Modified: Nov. 21, 2024, 9:48 a.m.
Total resulsts: 349182
Page 9481 of 34,919
ยซ previous page ยป next page
Filters