Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-17 | CVE-2024-8956 | Improper Authentication vulnerability in Ptzoptics Pt30X-Ndi-Xx-G2 Firmware and Pt30X-Sdi Firmware PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. | 9.1 |
| 2024-09-17 | CVE-2024-38183 | Unspecified vulnerability in Microsoft Groupme An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. | 8.8 |
| 2024-09-17 | CVE-2024-43460 | Unspecified vulnerability in Microsoft Dynamics 365 Business Central Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network. | 8.8 |
| 2024-09-17 | CVE-2024-45384 | Unspecified vulnerability in Apache Druid Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not using the druid-pac4j extension are not affected by this vulnerability. While we are not aware of a way to meaningfully exploit this flaw, we nevertheless recommend upgrading to version 30.0.1 or higher which fixes the issue and ensuring you have a strong druid.auth.pac4j.cookiePassphrase as a precaution. | 5.3 |
| 2024-09-17 | CVE-2024-45537 | Unspecified vulnerability in Apache Druid Apache Druid allows users with certain permissions to read data from other database systems using JDBC. | 6.5 |
| 2024-09-17 | CVE-2024-45612 | Injection vulnerability in Contao Contao is an Open Source CMS. | 5.3 |
| 2024-09-17 | CVE-2024-45803 | Cross-site Scripting vulnerability in Wireui Wire UI is a library of components and resources to empower Laravel and Livewire application development. | 6.1 |
| 2024-09-17 | CVE-2024-8660 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS versions 9.0.0 through 9.3.3 are affected by a stored XSS vulnerability in the "Top Navigator Bar" block. Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the home page.The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N . | 4.8 |
| 2024-09-17 | CVE-2024-8900 | Unspecified vulnerability in Mozilla Firefox An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. | 7.5 |
| 2024-09-17 | CVE-2024-8946 | Out-of-bounds Write vulnerability in Micropython 1.23.0 A vulnerability was found in MicroPython 1.23.0. | 7.5 |