Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-08 CVE-2023-24064 Unspecified vulnerability in Dieboldnixdorf Vynamic Security Suite
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR4 fails to validate /etc/initab during the Pre-Boot Authorization (PBA) process.
low complexity
dieboldnixdorf
6.8
2024-08-08 CVE-2023-28865 Insufficient Verification of Data Authenticity vulnerability in Dieboldnixdorf Vynamic Security Suite
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories (e.g., ensuring the expected hash sum) during the Pre-Boot Authorization (PBA) process.
low complexity
dieboldnixdorf CWE-345
6.6
2024-08-08 CVE-2023-33206 Improper Validation of Integrity Check Value vulnerability in Dieboldnixdorf Vynamic Security Suite
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0 SR03, and 4.3.0 SR01 fails to validate symlinks during the Pre-Boot Authorization (PBA) process.
low complexity
dieboldnixdorf CWE-354
6.8
2024-08-08 CVE-2023-40261 Improper Initialization vulnerability in Dieboldnixdorf Vynamic Security Suite
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR02 fails to validate file attributes during the Pre-Boot Authorization (PBA) process.
low complexity
dieboldnixdorf CWE-665
6.8
2024-08-08 CVE-2024-42493 Unspecified vulnerability in Dorsettcontrols Infoscan 1.32/1.33/1.35
Dorsett Controls InfoScan is vulnerable due to a leak of possible sensitive information through the response headers and the rendered JavaScript prior to user login.
network
low complexity
dorsettcontrols
5.3
2024-08-08 CVE-2024-0102 Out-of-bounds Read vulnerability in Nvidia Cuda Toolkit
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can cause an out-of-bounds read issue by deceiving a user into reading a malformed ELF file.
local
low complexity
nvidia CWE-125
5.5
2024-08-08 CVE-2024-7394 Cross-site Scripting vulnerability in Concretecms Concrete CMS
Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName().
network
low complexity
concretecms CWE-79
4.8
2024-08-08 CVE-2024-41238 SQL Injection vulnerability in Lopalopa Responsive School Management System 3.2.0
A SQL injection vulnerability in /smsa/student_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter.
network
low complexity
lopalopa CWE-89
5.3
2024-08-08 CVE-2024-7477 SQL Injection vulnerability in Avaya Aura System Manager
A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. Affected versions include 10.1.x.x and 10.2.x.x.
local
low complexity
avaya CWE-89
6.7
2024-08-08 CVE-2024-7480 Unspecified vulnerability in Avaya Aura System Manager
An improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x.
local
low complexity
avaya
4.4