Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-13 | CVE-2024-7756 | A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell. | low complexity, 6.8 |
| 2024-09-13 | CVE-2024-8059 | IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters. | network, low complexity, 4.3 |
| 2024-09-13 | CVE-2024-8278 | A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands. | network, low complexity, 7.2 |
| 2024-09-13 | CVE-2024-8279 | A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads. | network, low complexity, 7.2 |
| 2024-09-13 | CVE-2024-8280 | An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file. | network, low complexity, 7.2 |
| 2024-09-13 | CVE-2024-8281 | An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell. | network, low complexity, 7.2 |
| 2024-09-13 | CVE-2024-8782 | Path Traversal vulnerability in Heyewei Jfinalcms. A vulnerability was found in JFinalCMS up to 1.0. | network, low complexity, heyewei, CWE-22, critical, 9.8 |
| 2024-09-13 | CVE-2024-31414 | Cross-site Scripting vulnerability in Eaton Foreseer Electrical Power Monitoring System. The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. | network, low complexity, eaton, CWE-79, 6.1 |
| 2024-09-13 | CVE-2024-31415 | Insufficiently Protected Credentials vulnerability in Eaton Foreseer Electrical Power Monitoring System. The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. | network, low complexity, eaton, CWE-522, 8.1 |
| 2024-09-13 | CVE-2024-31416 | Improper Validation of Specified Quantity in Input vulnerability in Eaton Foreseer Electrical Power Monitoring System. The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. | network, low complexity, eaton, CWE-1284, 6.5 |