CVE-2024-31863 |
Description: Authentication Bypass by Spoofing vulnerability by replacing existing notes in Apache Zeppelin. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0.
Users are recommended to upgrade to version 0.11.0, which fixes the issue.
EPSS Score: 0.26%
February 14th, 2025 (5 months ago)
|
CVE-2024-31862 |
Description: Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0.
Users are recommended to upgrade to version 0.11.0, which fixes the issue.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-31860 |
Description: Improper Input Validation vulnerability in Apache Zeppelin.
By adding relative path indicators (e.g. ..), attackers can see the contents of any file in the filesystem that the server account can access.
This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0.
Users are recommended to upgrade to version 0.11.0, which fixes the issue.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-31847 |
Description: An issue was discovered in Italtel Embrace 1.6.4. A stored cross-site scripting (XSS) vulnerability allows authenticated and unauthenticated remote attackers to inject arbitrary web script or HTML into a GET parameter. This reflects/stores the user input without sanitization.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-31845 |
Description: An issue was discovered in Italtel Embrace 1.6.4. The product does not neutralize or incorrectly neutralizes output that is written to logs. The web application writes logs using a GET query string parameter. This parameter can be modified by an attacker, so that every action he performs is attributed to a different user. This can be exploited without authentication.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-31844 |
Description: An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able to craft specific requests in order to make the application generate an error. Inside an error message, some information about the server is revealed, such as the absolute path of the source code of the application. This kind of information can help an attacker to perform other attacks against the system. This can be exploited without authentication.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-31843 |
Description: An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users to execute commands on the Operating System.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-31840 |
Description: An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user accesses the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-31810 |
Description: TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-31803 |
Description: Buffer Overflow vulnerability in emp-ot v.0.2.4 allows a remote attacker to execute arbitrary code via the FerretCOT::read_pre_data128_from_file function.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|