Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-08-06 CVE-2024-42395 Out-of-bounds Write vulnerability in multiple products
There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack.
network
low complexity
hp arubanetworks CWE-787
critical
9.8
2024-08-06 CVE-2024-39227 Injection vulnerability in Gl-Inet products
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc.
network
low complexity
gl-inet CWE-74
critical
9.8
2024-08-06 CVE-2024-23483 OS Command Injection vulnerability in Zscaler Client Connector
An Improper Input Validation vulnerability in Zscaler Client Connector on macOS allows OS Command Injection. This issue affects Zscaler Client Connector on macOS <4.2.
network
low complexity
zscaler CWE-78
critical
9.8
2024-08-06 CVE-2024-39225 Improper Restriction of Excessive Authentication Attempts vulnerability in Gl-Inet products
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability.
network
low complexity
gl-inet CWE-307
critical
9.8
2024-08-06 CVE-2024-39226 Path Traversal vulnerability in Gl-Inet products
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability that can be exploited to manipulate routers by passing malicious shell commands through the s2s API.
network
low complexity
gl-inet CWE-22
critical
9.8
2024-08-06 CVE-2024-39228 OS Command Injection vulnerability in Gl-Inet products
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the check_ovpn_client_config and check_config interfaces.
network
low complexity
gl-inet CWE-78
critical
9.8
2024-08-06 CVE-2024-41616 Use of Hard-coded Credentials vulnerability in Dlink Dir-300 Firmware 1.06B05Ww
D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service.
network
low complexity
dlink CWE-798
critical
9.8
2024-08-06 CVE-2024-30170 Unspecified vulnerability in SSH Privx
PrivX before 34.0 allows data exfiltration and denial of service via the REST API.
network
low complexity
ssh
critical
9.1
2024-08-06 CVE-2024-33897 Forced Browsing vulnerability in Hms-Networks Ewon Cosy+ Firmware
A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue.
network
low complexity
hms-networks CWE-425
critical
9.1
2024-08-06 CVE-2024-6359 Unspecified vulnerability in Opentext Arcsight Intelligence
Privilege escalation vulnerability identified in OpenText ArcSight Intelligence.
network
low complexity
opentext
critical
9.8