Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-18 | CVE-2024-41974 | A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication. | 7.1 |
| 2024-11-18 | CVE-2024-42384 | Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application. | 7.5 |
| 2024-11-18 | CVE-2024-42385 | Unspecified vulnerability in Cesanta Mongoose Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters. | 7.0 |
| 2024-11-18 | CVE-2024-42386 | Unspecified vulnerability in Cesanta Mongoose Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application. | 7.5 |
| 2024-11-18 | CVE-2024-42392 | Unspecified vulnerability in Cesanta Mongoose Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters. | 7.5 |
| 2024-11-18 | CVE-2024-41967 | A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack. | 8.1 |
| 2024-11-18 | CVE-2024-41969 | A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. | 8.8 |
| 2024-11-18 | CVE-2024-49574 | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module. | 8.8 |
| 2024-11-18 | CVE-2024-22067 | Unspecified vulnerability in ZTE Nh8091 Firmware Znh8091V1.8 ZTE NH8091 product has an improper permission control vulnerability. | 8.8 |
| 2024-11-18 | CVE-2024-11309 | Path Traversal vulnerability in Trcore DVC The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | 7.5 |