Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-02 | CVE-2024-28888 | Use After Free vulnerability in Foxit PDF Reader 2024.1.0.23997 A use-after-free vulnerability exists in the way Foxit Reade 2024.1.0.23997 handles a checkbox field object. | 8.8 |
| 2024-10-02 | CVE-2024-43795 | Cross-site Scripting vulnerability in Openc3 Cosmos OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. | 6.1 |
| 2024-10-02 | CVE-2024-46977 | Path Traversal vulnerability in Openc3 Cosmos OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. | 6.5 |
| 2024-10-02 | CVE-2024-47529 | Unspecified vulnerability in Openc3 Cosmos OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. | 6.5 |
| 2024-10-02 | CVE-2024-20498 | Double Free vulnerability in Cisco products Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. | 7.5 |
| 2024-10-02 | CVE-2024-20499 | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. | 7.5 |
| 2024-10-02 | CVE-2024-20500 | Resource Exhaustion vulnerability in Cisco products A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. This vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. | 7.5 |
| 2024-10-02 | CVE-2024-20501 | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. | 7.5 |
| 2024-10-02 | CVE-2024-20502 | Resource Exhaustion vulnerability in Cisco products A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insufficient resource management while establishing SSL VPN sessions. | 7.5 |
| 2024-10-02 | CVE-2024-20509 | Race Condition vulnerability in Cisco products A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device. This vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. | 5.9 |