Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-06 | CVE-2024-10318 | Session Fixation vulnerability in F5 products A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. | 5.4 |
2024-11-06 | CVE-2024-20525 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. | 6.1 |
2024-11-06 | CVE-2024-20530 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. | 6.1 |
2024-11-06 | CVE-2024-20531 | Server-Side Request Forgery (SSRF) vulnerability in Cisco Identity Services Engine A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device. | 6.5 |
2024-11-06 | CVE-2024-20537 | Incorrect Authorization vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator permissions. | 6.5 |
2024-11-06 | CVE-2024-20538 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. | 6.1 |
2024-11-06 | CVE-2024-20539 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. | 4.8 |
2024-11-06 | CVE-2024-10919 | OS Command Injection vulnerability in Didi Super-Jacoco 1.0 A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. | 9.8 |
2024-11-06 | CVE-2024-10920 | Use of Hard-coded Credentials vulnerability in Mariazevedo88 Travels-Java-Api A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. | 3.7 |
2024-11-06 | CVE-2024-10916 | Unspecified vulnerability in Dlink products A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. | 5.3 |