Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-12-19 | CVE-2024-11157 | Out-of-bounds Write vulnerability in Rockwellautomation Arena: A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. | 7.3 |
2024-12-19 | CVE-2024-11364 | Use of Uninitialized Resource vulnerability in Rockwellautomation Arena: Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. | 7.3 |
2024-12-19 | CVE-2024-12175 | Use After Free vulnerability in Rockwellautomation Arena: Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. | 7.8 |
2024-12-19 | CVE-2024-12790 | Cross-site Scripting vulnerability in Fabianros Hostel Management System 1.0: A vulnerability was found in code-projects Hostel Management Site 1.0. | 8.2 |
2024-12-19 | CVE-2024-12785 | SQL Injection vulnerability in Angeljudesuarez Vehicle Management System 1.0: A vulnerability was found in itsourcecode Vehicle Management System 1.0. | 8.8 |
2024-12-19 | CVE-2024-25131 | A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. | 8.8 |
2024-12-19 | CVE-2020-12820 | Out-of-bounds Write vulnerability in Fortinet Fortios: Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. | 8.8 |
2024-12-19 | CVE-2020-15934 | Improper Privilege Management vulnerability in Fortinet Forticlient: An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. | 7.8 |
2024-12-19 | CVE-2021-26115 | OS Command Injection vulnerability in Fortinet Fortiwan: An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command. | 7.8 |
2024-12-19 | CVE-2020-12819 | Out-of-bounds Write vulnerability in Fortinet Fortios: A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode is enabled. | 7.5 |