CVE-2024-53457 |
Description: A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 6th, 2024 (6 months ago)
|
CVE-2024-53442 |
Description: whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 6th, 2024 (6 months ago)
|
CVE-2024-52943 |
Description: An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
December 6th, 2024 (6 months ago)
|
CVE-2024-52276 |
Description: User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing.
1. Displayed version does not show the layer flattened version, which is provided when the "Print" option is used.
2. Displayed version does not show the layer flattened version, which is provided when the combined download option is used.
3. Displayed version does not show the layer flattened version, which is also the provided version when downloading the result in the uncombined option.
Once downloaded, if printed (e.g. via Google Chrome -> Examine the print preview): will render the vulnerability only, not all layers are flattened.
This issue affects DocuSign: through 2024-12-04.
CVSS: HIGH (8.2) EPSS Score: 0.05%
December 6th, 2024 (6 months ago)
|
CVE-2024-52271 |
Description: User Interface (UI) Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing. Displayed version does not show the layer flattened version. Once downloaded, if printed (e.g. via Google Chrome -> Examine the print preview): will render the vulnerability only, not all layers are flattened.
This issue affects Documenso: through 1.8.0, >1.8.0 and Documenso SaaS (Hosted) as of 2024-12-05.
CVSS: HIGH (8.2) EPSS Score: 0.05%
December 6th, 2024 (6 months ago)
|
CVE-2024-52270 |
Description: User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign(HelloSign) allows Content Spoofing.
Displayed version does not show the layer flattened version. Once downloaded, if printed (e.g. via Google Chrome -> Examine the print preview): will render the vulnerability only, not all layers are flattened.
This issue affects DropBox Sign(HelloSign): through 2024-12-04.
CVSS: HIGH (8.2) EPSS Score: 0.04%
December 6th, 2024 (6 months ago)
|
CVE-2024-51555 |
Description: Default Credential vulnerabilities allow access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials.
Affected products:
ABB ASPECT - Enterprise v3.07.02;
NEXUS Series v3.07.02;
MATRIX Series v3.07.02
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
December 6th, 2024 (6 months ago)
|
CVE-2024-51554 |
Description: Default Credential vulnerabilities in ASPECT on Linux allow access to the product using publicly available default credentials.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
CVSS: HIGH (8.8) EPSS Score: 0.04%
December 6th, 2024 (6 months ago)
|
CVE-2024-51551 |
Description: Default Credential vulnerabilities in ASPECT on Linux allow access to the product using publicly available default credentials.
Affected products:
ABB ASPECT - Enterprise v3.07.02;
NEXUS Series v3.07.02;
MATRIX Series v3.07.02
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
December 6th, 2024 (6 months ago)
|
CVE-2024-51550 |
Description: Data Validation / Data Sanitization vulnerabilities in Linux allow unvalidated and unsanitized data to be injected in an Aspect device.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
December 6th, 2024 (6 months ago)
|