CWE:
 

Nothing found in the WLB2 database


Common Weakness Enumeration (CWE)

CVE
Details
Description
2024-06-11
Waiting for details
CVE-2024-35209

 

 
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is allowing HTTP methods like PUT and DELETE. This could allow an attacker to modify unauthorized files.

 
2024-06-06
Waiting for details
CVE-2024-1873

 

 
parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed `/select_database` endpoint in version a9d16b0. The endpoint improperly handles file paths, allowing attackers to specify absolute paths when interacting with the `DiscussionsDB` instance. This flaw enables attackers to create directories anywhere on the system where the application has permissions, potentially leading to denial of service by creating directories with names of critical files, such as HTTPS certificate files, causing server startup failures. Additionally, attackers can manipulate the database path, resulting in the loss of client data by constantly changing the file location to an attacker-controlled location, scattering the data across the filesystem and making recovery difficult.

 
2024-04-26
Waiting for details
CVE-2024-32764

 

 
A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud Link 2.4.51 and later

 
2024-04-12
Waiting for details
CVE-2024-27261

 

 
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: 283986.

 
2024-04-09
Waiting for details
CVE-2023-49074

 

 
A denial of service vulnerability exists in the TDDP functionality of TP-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.

 
2023-10-25
Waiting for details
CVE-2023-42494

 

 
EisBaer Scada - CWE-749: Exposed Dangerous Method or Function

 
2023-09-13
Waiting for details
CVE-2023-23845

 

 
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.

 
Waiting for details
CVE-2023-23840

 

 
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.

 
2023-09-11
Waiting for details
CVE-2023-40150

 

 
The affected product does not perform an authentication check and performs some dangerous functionality, which could result in unauthenticated remote code execution.

 
2023-07-19
Waiting for details
CVE-2023-36853

 

 
In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges.

 

 


Copyright 2024, cxsecurity.com

 
