Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2024-12-19 CVE-2024-11157 Out-of-bounds Write vulnerability in Rockwellautomation Arena
A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file.
local
low complexity
rockwellautomation CWE-787
7.3
2024-12-19 CVE-2024-11364 Use of Uninitialized Resource vulnerability in Rockwellautomation Arena
Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized.
local
low complexity
rockwellautomation CWE-908
7.3
2024-12-19 CVE-2024-12175 Use After Free vulnerability in Rockwellautomation Arena
Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used.
local
low complexity
rockwellautomation CWE-416
7.8
2024-12-19 CVE-2024-12790 Cross-site Scripting vulnerability in Fabianros Hostel Management System 1.0
A vulnerability was found in code-projects Hostel Management Site 1.0.
network
low complexity
fabianros CWE-79
8.2
2024-12-19 CVE-2024-12785 SQL Injection vulnerability in Angeljudesuarez Vehicle Management System 1.0
A vulnerability was found in itsourcecode Vehicle Management System 1.0.
network
low complexity
angeljudesuarez CWE-89
8.8
2024-12-19 CVE-2024-25131 A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated.
network
low complexity
CWE-20
8.8
2024-12-19 CVE-2020-12820 Out-of-bounds Write vulnerability in Fortinet Fortios
Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name.
network
low complexity
fortinet CWE-787
8.8
2024-12-19 CVE-2020-15934 Improper Privilege Management vulnerability in Fortinet Forticlient
An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0.
local
low complexity
fortinet CWE-269
7.8
2024-12-19 CVE-2021-26115 OS Command Injection vulnerability in Fortinet Fortiwan
An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command.An OS command injection (CWE-78) vulnerability in FortiWAN Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command.
local
low complexity
fortinet CWE-78
7.8
2024-12-19 CVE-2020-12819 Out-of-bounds Write vulnerability in Fortinet Fortios
A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode is enabled.
network
high complexity
fortinet CWE-787
7.5