7.2

CVSS3.1

CVE-2024-8278 -

A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.

πŸ“… Published: Sept. 13, 2024, 5:27 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

4.3

CVSS3.1

CVE-2024-8059 -

IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters.

πŸ“… Published: Sept. 13, 2024, 5:27 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.8

CVSS3.1

CVE-2024-7756 -

A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell.

πŸ“… Published: Sept. 13, 2024, 5:26 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.7

CVSS3.1

CVE-2024-4550 -

A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystemΒ and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code.

πŸ“… Published: Sept. 13, 2024, 5:26 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.7

CVSS3.1

CVE-2024-3100 -

A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code.

πŸ“… Published: Sept. 13, 2024, 5:26 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.6

CVSS3.1

CVE-2024-31416 -

The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of this security flaw by a bad actor may result i…

πŸ“… Published: Sept. 13, 2024, 4:48 p.m. πŸ”„ Last Modified: Aug. 26, 2025, 11:15 a.m.

6.3

CVSS3.1

CVE-2024-31415 -

The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encryption…

πŸ“… Published: Sept. 13, 2024, 4:48 p.m. πŸ”„ Last Modified: Aug. 26, 2025, 11:15 a.m.

6.7

CVSS3.1

CVE-2024-31414 -

The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts when…

πŸ“… Published: Sept. 13, 2024, 4:46 p.m. πŸ”„ Last Modified: Sept. 19, 2024, 6:48 p.m.

8.7

CVSS4.0

CVE-2024-45368 - AutomationDirect DirectLogic H2-DM1E Session Fixation

The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This beh…

πŸ“… Published: Sept. 13, 2024, 4:36 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.7

CVSS4.0

CVE-2024-43099 - AutomationDirect DirectLogic H2-DM1E Authentication Bypass by Capture-replay

The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into an …

πŸ“… Published: Sept. 13, 2024, 4:33 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 349182
Page 8568 of 34,919
Β« previous page Β» next page
Filters