Total
170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-13789 | 1 Descor | 1 Infocad Fm | 2024-11-21 | N/A |
| An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers. | ||||
| CVE-2017-5251 | 1 Insteon | 2 Insteon Hub, Insteon Hub Firmware | 2024-11-21 | N/A |
| In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted. | ||||
| CVE-2013-1351 | 1 Veraxsystems | 1 Network Management System | 2024-11-21 | 5.9 Medium |
| Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password. | ||||
| CVE-2024-36250 | 1 Mattermost | 1 Mattermost Server | 2024-11-14 | 3.1 Low |
| Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against replay attacks, which allows an attacker to reuse the MFA code within ~30 seconds | ||||
| CVE-2024-22066 | 1 Zte | 8 Zxr10 160, Zxr10 160 Firmware, Zxr10 1800-2s and 5 more | 2024-11-08 | 7.5 High |
| There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device. | ||||
| CVE-2024-45244 | 1 Hyperledger | 1 Fabric | 2024-10-30 | 5.3 Medium |
| Hyperledger Fabric through 2.5.9 does not verify that a request has a timestamp within the expected time window. | ||||
| CVE-2024-3982 | 2 Hitachi, Hitachienergy | 2 Microscada X Sys600, Microscada X Sys600 | 2024-10-30 | 8.2 High |
| An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level is not enabled and only users with administrator rights can enable it. | ||||
| CVE-2024-46041 | 1 Iothaat | 1 Smart Plug Ih In 16a S | 2024-10-07 | 8.8 High |
| IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay. | ||||
| CVE-2024-8260 | 3 Microsoft, Openpolicyagent, Redhat | 3 Windows, Open Policy Agent, Openshift Distributed Tracing | 2024-09-19 | 6.1 Medium |
| A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA Go library’s functions. | ||||
| CVE-2024-43099 | 1 Automationdirect | 1 H2-dm1e Firmware | 2024-09-14 | 8.8 High |
| The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into an ongoing authenticated session. To successfully achieve this, the attacker also needs to spoof both the IP address and MAC address of the originating host which is typical of a session-based attack. | ||||