Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-06 | CVE-2024-39226 | Path Traversal vulnerability in Gl-Inet products GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by passing malicious shell commands through the s2s API. | 9.8 |
| 2024-08-06 | CVE-2024-39228 | OS Command Injection vulnerability in Gl-Inet products GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config and check_config. | 9.8 |
| 2024-08-06 | CVE-2024-41616 | Use of Hard-coded Credentials vulnerability in Dlink Dir-300 Firmware 1.06B05Ww D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service. | 9.8 |
| 2024-08-06 | CVE-2024-30170 | Unspecified vulnerability in SSH Privx PrivX before 34.0 allows data exfiltration and denial of service via the REST API. | 9.1 |
| 2024-08-06 | CVE-2024-33897 | Forced Browsing vulnerability in Hms-Networks Ewon Cosy+ Firmware A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. | 9.1 |
| 2024-08-06 | CVE-2024-6359 | Unspecified vulnerability in Opentext Arcsight Intelligence Privilege escalation vulnerability identified in OpenText ArcSight Intelligence. | 9.8 |
| 2024-08-06 | CVE-2024-7519 | Out-of-bounds Write vulnerability in Mozilla Firefox Insufficient checks when processing graphics shared memory could have led to memory corruption. | 9.6 |
| 2024-08-06 | CVE-2024-33960 | SQL Injection vulnerability in Janobe Credit Card, Debit Card Payment and Paypal SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. | 9.8 |
| 2024-08-06 | CVE-2024-33974 | SQL Injection vulnerability in Janobe products SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. | 9.8 |
| 2024-08-06 | CVE-2024-6202 | Incorrect Authorization vulnerability in Haloservicesolutions Haloitsm HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. | 9.8 |