Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-15 | CVE-2024-31799 | Cleartext Transmission of Sensitive Information vulnerability in Gncchome Gncc C2 Firmware Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port. | 4.6 |
2024-08-15 | CVE-2024-31800 | Improper Authentication vulnerability in Gncchome Gncc C2 Firmware Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port. | 6.8 |
2024-08-15 | CVE-2024-31905 | Missing Encryption of Sensitive Data vulnerability in IBM Qradar Network Packet Capture 7.5.0 IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
2024-08-15 | CVE-2024-40704 | Insufficiently Protected Credentials vulnerability in IBM Infosphere Information Server 11.7/11.7.0.1/11.7.0.2 IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. | 4.9 |
2024-08-15 | CVE-2024-40705 | Unspecified vulnerability in IBM Infosphere Information Server 11.7/11.7.0.1/11.7.0.2 IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. | 6.5 |
2024-08-15 | CVE-2024-6347 | Unspecified vulnerability in Nissan-Global Blind Spot Detection Sensor ECU Firmware * Unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU firmware in Nissan Altima (2022) allows attackers to trigger denial-of-service (DoS) by unauthorized access to the ECU's programming session. * No preconditions implemented for ECU management functionality through UDS session in the Blind Spot Detection Sensor ECU in Nissan Altima (2022) allows attackers to disrupt normal ECU operations by triggering a control command without authentication. low complexity nissan-global | 6.5 |
2024-08-15 | CVE-2024-42677 | Unspecified vulnerability in Isellerpal Enterprise Resource Management System An issue in Huizhi enterprise resource management system v.1.0 and before allows a local attacker to obtain sensitive information via the /nssys/common/filehandle. | 5.5 |
2024-08-15 | CVE-2024-42678 | Cross-site Scripting vulnerability in Cysoft168 Super Easy Enterprise Management System Cross Site Scripting vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /WebSet/DlgGridSet.html component. | 6.1 |
2024-08-15 | CVE-2024-42680 | Path Traversal vulnerability in Cysoft168 Super Easy Enterprise Management System An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark. | 5.5 |
2024-08-15 | CVE-2024-7411 | The Newsletters plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.9.9. network low complexity | 5.3 |