Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-01 | CVE-2024-41741 | Information Exposure Through Discrepancy vulnerability in IBM Txseries for Multiplatforms 10.1 IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system. | 5.3 |
| 2024-11-01 | CVE-2024-41744 | IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. network low complexity | 6.5 |
| 2024-11-01 | CVE-2024-41745 | Cross-site Scripting vulnerability in IBM Cics TX 11.1.0.0 IBM CICS TX Standard is vulnerable to cross-site scripting. | 6.1 |
| 2024-11-01 | CVE-2024-48352 | Unspecified vulnerability in Yealink Meeting Server Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server response via sending HTTP request with enterprise ID. | 7.5 |
| 2024-11-01 | CVE-2024-51244 | OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.3 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function. | 8.8 |
| 2024-11-01 | CVE-2024-51245 | OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.3 In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function. | 8.8 |
| 2024-11-01 | CVE-2024-51247 | OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.3 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function. | 8.8 |
| 2024-11-01 | CVE-2024-51248 | OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.3 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function. | 8.8 |
| 2024-11-01 | CVE-2024-51431 | Use of Hard-coded Credentials vulnerability in Lb-Link Bl-Wr1300H Firmware 1.0.4 LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable. | 9.8 |
| 2024-11-01 | CVE-2024-10659 | SQL Injection vulnerability in Esafenet CDG 5 A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. | 9.8 |