Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2024-12-31 | CVE-2024-12105 | Path Traversal vulnerability in Progress Whatsup Gold. In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure. | network, low complexity, progress, CWE-22, 6.5 |
| 2024-12-31 | CVE-2024-12106 | Missing Authentication for Critical Function vulnerability in Progress Whatsup Gold. In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. | network, low complexity, progress, CWE-306, 7.5 |
| 2024-12-31 | CVE-2024-12108 | Authentication Bypass by Spoofing vulnerability in Progress Whatsup Gold. In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. | network, low complexity, progress, CWE-290, critical, 9.6 |
| 2024-12-31 | CVE-2024-45497 | A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. | network, low complexity, CWE-732, 7.6 |
| 2024-12-31 | CVE-2024-12838 | The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including administrators. | network, low complexity, CWE-302, 8.8 |
| 2024-12-31 | CVE-2024-12839 | The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. | network, low complexity, CWE-294, 8.8 |
| 2024-12-31 | CVE-2024-13040 | The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. | network, low complexity, CWE-639, 8.8 |
| 2024-12-30 | CVE-2024-13043 | Link Following vulnerability in Watchguard Panda Dome 22.02.01. Panda Security Dome Link Following Local Privilege Escalation Vulnerability. | local, low complexity, watchguard, CWE-59, 7.8 |
| 2024-12-30 | CVE-2024-13044 | Out-of-bounds Write vulnerability in Ashlar Cobalt 1204.90. Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. | local, low complexity, ashlar, CWE-787, 7.8 |
| 2024-12-30 | CVE-2024-13045 | Out-of-bounds Write vulnerability in Ashlar Cobalt 1204.90. Ashlar-Vellum Cobalt AR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. | local, low complexity, ashlar, CWE-787, 7.8 |