CyberAlerts

CVE-2024-5422

Description: An uncontrolled resource consumption of file descriptors in SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 allows DoS via HTTP.This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE

February 14th, 2025 (5 months ago)

CVE-2024-5421

Authenticated Command Injection

Description: Missing input validation and OS command integration of the input in the utnserver Pro, utnserver ProMAX, INU-100 web-interface allows authenticated command injection.This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below.

CVSS: HIGH (8.7)

EPSS Score: 1.94%

Source: CVE

February 14th, 2025 (5 months ago)

CVE-2024-5420

Stored Cross-Site Scripting in SEH Computertechnik utnserver Pro

Description: Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS)..This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below.

CVSS: HIGH (8.3)

EPSS Score: 0.06%

Source: CVE

February 14th, 2025 (5 months ago)

CVE-2024-5411

Command Injection

Description: Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects IAP-420 version 2.01e and below.

CVSS: HIGH (8.7)

EPSS Score: 0.04%

Source: CVE

February 14th, 2025 (5 months ago)

CVE-2024-5410

Stored Cross-Site Scripting

Description: Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.

CVSS: HIGH (8.3)

EPSS Score: 0.04%

Source: CVE

February 14th, 2025 (5 months ago)

CVE-2024-4453

GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability

Description: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-23896.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE

February 14th, 2025 (5 months ago)

CVE-2024-4299

HGiga iSherlock - Command Injection

Description: The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.

CVSS: HIGH (7.2)

EPSS Score: 0.05%

Source: CVE

February 14th, 2025 (5 months ago)

CVE-2024-4298

HGiga iSherlock - Command Injection

Description: The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.

CVSS: HIGH (7.2)

EPSS Score: 0.05%

Source: CVE

February 14th, 2025 (5 months ago)

CVE-2024-4216

XSS vulnerability in /settings/store API response json payload in pgAdmin 4

Description: pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers to execute malicious script at the client end.

CVSS: HIGH (7.4)

EPSS Score: 0.04%

Source: CVE

February 14th, 2025 (5 months ago)

CVE-2024-4215

The Multi Factor Authentication bypass vulnerability in pgAdmin 4

Description: pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.

CVSS: HIGH (7.4)

EPSS Score: 0.04%

Source: CVE

February 14th, 2025 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-5422	Denial of Service Description: An uncontrolled resource consumption of file descriptors in SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 allows DoS via HTTP.This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-5421	Authenticated Command Injection Description: Missing input validation and OS command integration of the input in the utnserver Pro, utnserver ProMAX, INU-100 web-interface allows authenticated command injection.This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below. CVSS: HIGH (8.7) EPSS Score: 1.94% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-5420	Stored Cross-Site Scripting in SEH Computertechnik utnserver Pro Description: Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS)..This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below. CVSS: HIGH (8.3) EPSS Score: 0.06% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-5411	Command Injection Description: Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects IAP-420 version 2.01e and below. CVSS: HIGH (8.7) EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-5410	Stored Cross-Site Scripting Description: Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below. CVSS: HIGH (8.3) EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-4453	GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability Description: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-23896. CVSS: HIGH (7.8) EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-4299	HGiga iSherlock - Command Injection Description: The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands. CVSS: HIGH (7.2) EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-4298	HGiga iSherlock - Command Injection Description: The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands. CVSS: HIGH (7.2) EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-4216	XSS vulnerability in /settings/store API response json payload in pgAdmin 4 Description: pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers to execute malicious script at the client end. CVSS: HIGH (7.4) EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-4215	The Multi Factor Authentication bypass vulnerability in pgAdmin 4 Description: pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status. CVSS: HIGH (7.4) EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)