Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-09-30 CVE-2024-47063 Cross-site Scripting vulnerability in Cvat Computer Vision Annotation Tool
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision.
network
low complexity
cvat CWE-79
6.1
2024-09-30 CVE-2024-47064 Improper Neutralization of Script in an Error Message Web Page vulnerability in Cvat Computer Vision Annotation Tool
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision.
network
low complexity
cvat CWE-81
6.1
2024-09-30 CVE-2024-47172 Incorrect Authorization vulnerability in Cvat Computer Vision Annotation Tool
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision.
network
low complexity
cvat CWE-863
5.4
2024-09-30 CVE-2024-45772 Deserialization of Untrusted Data vulnerability in Apache Lucene
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The deserialization can only be triggered if users actively deploy a network-accessible implementation and a corresponding client using an HTTP library that uses the API (e.g., a custom servlet and HTTPClient).
low complexity
apache CWE-502
8.0
2024-09-30 CVE-2024-8453 Use of a One-Way Hash without a Salt vulnerability in Planet Gs-4210-24P2S Firmware and Gs-4210-24Pl4C Firmware
Certain switch models from PLANET Technology hash user passwords with an insecure hashing function and without a salt.
network
low complexity
planet CWE-759
4.9
2024-09-30 CVE-2024-8454 Resource Exhaustion vulnerability in Planet Gs-4210-24P2S Firmware and Gs-4210-24Pl4C Firmware
The swctrl service is used to detect and remotely manage PLANET Technology devices.
network
low complexity
planet CWE-400
7.5
2024-09-30 CVE-2024-8455 Inadequate Encryption Strength vulnerability in Planet products
The swctrl service is used to detect and remotely manage PLANET Technology devices.
network
high complexity
planet CWE-326
5.9
2024-09-30 CVE-2024-8456 Missing Authentication for Critical Function vulnerability in Planet Gs-4210-24P2S Firmware and Gs-4210-24Pl4C Firmware
Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices.
network
low complexity
planet CWE-306
critical
9.8
2024-09-30 CVE-2024-8457 Cross-site Scripting vulnerability in Planet Gs-4210-24P2S Firmware and Gs-4210-24Pl4C Firmware
Certain switch models from PLANET Technology have a web application that does not properly validate specific parameters, allowing remote authenticated users with administrator privileges to inject arbitrary JavaScript, leading to a stored XSS attack.
network
low complexity
planet CWE-79
4.8
2024-09-30 CVE-2024-8458 Cross-Site Request Forgery (CSRF) vulnerability in Planet Gs-4210-24P2S Firmware and Gs-4210-24Pl4C Firmware
Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF).
network
low complexity
planet CWE-352
8.8