Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-19 | CVE-2024-33109 | Path Traversal vulnerability in multiple products Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function. | 9.8 |
| 2024-09-19 | CVE-2024-40125 | Unrestricted Upload of File with Dangerous Type vulnerability in Closed-Loop Cless Server 4.5.2 An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint. | 9.8 |
| 2024-09-19 | CVE-2024-47159 | Incorrect Authorization vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project | 4.3 |
| 2024-09-19 | CVE-2024-47160 | Incorrect Authorization vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible | 5.3 |
| 2024-09-19 | CVE-2024-47162 | Insufficiently Protected Credentials vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page | 5.3 |
| 2024-09-19 | CVE-2024-8963 | Path Traversal vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.6 Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. | 9.1 |
| 2024-09-19 | CVE-2024-31570 | Out-of-bounds Write vulnerability in Freeimage Project Freeimage libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file. | 9.8 |
| 2024-09-19 | CVE-2024-38016 | Unspecified vulnerability in Microsoft products Microsoft Office Visio Remote Code Execution Vulnerability | 7.8 |
| 2024-09-19 | CVE-2024-8651 | Information Exposure Through Discrepancy vulnerability in Netcat Content Management System A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. | 5.3 |
| 2024-09-19 | CVE-2024-8652 | Cross-site Scripting vulnerability in Netcat Content Management System A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific path on the site. This issue affects NetCat CMS v. | 6.1 |