|
313411
|
- |
|
-
|
-
|
The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. The `BareMetalHost` (BMH) CRD allows the `userData`, `metaData`, and `networkData` for the provision…
|
-
|
CVE-2024-43803
|
2024-09-4 04:40 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313412
|
7.5 |
HIGH
Network
|
barix
|
sip_client_firmware
|
Barix – CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
|
CWE-200
Information Exposure
|
CVE-2024-41700
|
2024-09-4 04:37 |
2024-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313413
|
7.5 |
HIGH
Network
|
tenda
|
fh1201_firmware
|
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the wanmode parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS)…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-42941
|
2024-09-4 04:35 |
2024-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313414
|
7.5 |
HIGH
Network
|
tenda
|
fh1201_firmware
|
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-42940
|
2024-09-4 04:35 |
2024-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313415
|
5.4 |
MEDIUM
Network
|
mayurik
|
best_house_rental_management_system
|
A Stored Cross Site Scripting (XSS) vulnerability was found in "manage_houses.php" in SourceCodester Best House Rental Management System v1.0. It allows remote attackers to execute arbitrary code via…
|
CWE-79
Cross-site Scripting
|
CVE-2024-40473
|
2024-09-4 04:35 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313416
|
6.1 |
MEDIUM
Network
|
lopalopa
|
responsive_school_management_system
|
A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/admin_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary …
|
CWE-79
Cross-site Scripting
|
CVE-2024-41241
|
2024-09-4 04:35 |
2024-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313417
|
7.5 |
HIGH
Network
|
hms-networks
|
ewon_cosy\+_firmware
|
Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. This is fixed in vers…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-33892
|
2024-09-4 04:18 |
2024-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313418
|
7.2 |
HIGH
Network
|
hms-networks
|
ewon_cosy\+_firmware
|
Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting. This is fixed in version 21.2s10 and 22.1s…
|
CWE-78
OS Command
|
CVE-2024-33896
|
2024-09-4 04:02 |
2024-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313419
|
6.6 |
MEDIUM
Physics
|
hms-networks
|
ewon_cosy\+_firmware
|
Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. This is fixed in version 21.2s10 and 22.1s3, the key is n…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-33895
|
2024-09-4 04:02 |
2024-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313420
|
9.8 |
CRITICAL
Network
|
arajajyothibabu
|
school_management_system
|
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php.
|
CWE-89
SQL Injection
|
CVE-2024-42568
|
2024-09-4 03:35 |
2024-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
