|
310071
|
6.5 |
MEDIUM
Adjacent
|
zyxel
|
gs1900-48hpv2_firmware
gs1900-48_firmware
gs1900-24hpv2_firmware
gs1900-24ep_firmware
gs1900-24e_firmware
gs1900-24_firmware
gs1900-16_firmware
gs1900-10hp_firmware
gs1900-8hp…
|
An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2…
|
CWE-331
Insufficient Entropy
|
CVE-2024-38270
|
2024-09-19 03:23 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310072
|
6.5 |
MEDIUM
Network
|
reedos
|
aim-star
|
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vul…
|
NVD-CWE-Other
|
CVE-2024-45787
|
2024-09-19 03:15 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310073
|
5.3 |
MEDIUM
Network
|
bplugins
|
html5_video_player
|
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5…
|
CWE-862
Missing Authorization
|
CVE-2024-7727
|
2024-09-19 03:07 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310074
|
9.8 |
CRITICAL
Network
|
spip
|
spip
|
SPIP before 4.3.2, 4.2.16, and
4.1.18 is vulnerable to a command injection issue. A
remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipar…
|
NVD-CWE-Other
|
CVE-2024-8517
|
2024-09-19 03:05 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310075
|
4.3 |
MEDIUM
Network
|
bplugins
|
html5_video_player
|
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_password' function in…
|
CWE-862
Missing Authorization
|
CVE-2024-7721
|
2024-09-19 03:01 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310076
|
7.8 |
HIGH
Local
|
ivanti
|
workspace_control
|
An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-8012
|
2024-09-19 02:53 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310077
|
7.8 |
HIGH
Local
|
ivanti
|
workspace_control
|
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-44107
|
2024-09-19 02:52 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310078
|
7.8 |
HIGH
Local
|
ivanti
|
workspace_control
|
Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
|
NVD-CWE-Other
|
CVE-2024-44106
|
2024-09-19 02:50 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310079
|
7.8 |
HIGH
Local
|
ivanti
|
workspace_control
|
Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2024-44105
|
2024-09-19 02:48 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310080
|
7.8 |
HIGH
Local
|
ivanti
|
workspace_control
|
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated …
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2024-44104
|
2024-09-19 02:33 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
