Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-25 | CVE-2022-43845 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2 IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | 7.5 |
| 2024-09-25 | CVE-2023-5359 | Cleartext Storage of Sensitive Information vulnerability in Boldgrid W3 Total Cache The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source. | 7.5 |
| 2024-09-25 | CVE-2024-38324 | Improper Certificate Validation vulnerability in IBM Storage Defender 2.0.0/2.0.4 IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system. | 6.5 |
| 2024-09-25 | CVE-2024-41725 | Cross-site Scripting vulnerability in Doverfuelingsolutions products ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may allow cross site scripting. | 6.1 |
| 2024-09-25 | CVE-2024-43423 | Use of Hard-coded Credentials vulnerability in Doverfuelingsolutions products The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed. | 9.8 |
| 2024-09-25 | CVE-2024-43692 | Unspecified vulnerability in Doverfuelingsolutions products An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly. | 9.8 |
| 2024-09-25 | CVE-2024-43693 | Command Injection vulnerability in Doverfuelingsolutions products A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. | 9.8 |
| 2024-09-25 | CVE-2024-45066 | Command Injection vulnerability in Doverfuelingsolutions products A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. | 9.8 |
| 2024-09-25 | CVE-2024-45373 | Unspecified vulnerability in Doverfuelingsolutions products Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator. | 8.8 |
| 2024-09-25 | CVE-2024-46610 | Unspecified vulnerability in Thecosy Icecms 1.0.0/2.0.1 An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java | 7.5 |