Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-13 CVE-2023-20578 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.
local
high complexity
amd CWE-367
6.4
2024-08-13 CVE-2024-41613 Cross-site Scripting vulnerability in Symphony-Cms Symphony CMS 2.7.10
A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing a note.
network
low complexity
symphony-cms CWE-79
5.4
2024-08-13 CVE-2024-41614 Cross-site Scripting vulnerability in Symphony-Cms Symphony CMS
Symphony CMS <= 2.7.10 is vulnerable to Cross Site Scripting (XSS) in the Comment component for articles.
network
low complexity
symphony-cms CWE-79
4.8
2024-08-13 CVE-2024-36505 Unspecified vulnerability in Fortinet Fortios
An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system.
local
low complexity
fortinet
5.5
2024-08-13 CVE-2024-6384 Unspecified vulnerability in Mongodb
"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier.
network
high complexity
mongodb
5.3
2024-08-13 CVE-2024-38501 Cross-site Scripting vulnerability in Pepperl-Fuchs products
An unauthenticated remote attacker may use an HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device.
network
low complexity
pepperl-fuchs CWE-79
6.1
2024-08-13 CVE-2024-3913 Files or Directories Accessible to External Parties vulnerability in Phoenixcontact products
An unauthenticated remote attacker can use this vulnerability to change the device configuration because a file is writable for a short time after system startup.
high complexity
phoenixcontact CWE-552
5.3
2024-08-13 CVE-2024-41774 Cross-site Scripting vulnerability in IBM Common Licensing 9.0
IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
4.8
2024-08-13 CVE-2024-41682 Improper Restriction of Excessive Authentication Attempts vulnerability in Siemens Location Intelligence
A vulnerability has been identified in Location Intelligence family (All versions < V4.4).
network
low complexity
siemens CWE-307
5.3
2024-08-13 CVE-2024-41683 Weak Password Requirements vulnerability in Siemens Location Intelligence
A vulnerability has been identified in Location Intelligence family (All versions < V4.4).
network
low complexity
siemens CWE-521
5.3