Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-14 CVE-2024-39733 Insufficiently Protected Credentials vulnerability in IBM Datacap
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain text, which can be read by a local user.
local
low complexity
ibm CWE-522
5.5
2024-07-14 CVE-2024-39734 Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Datacap
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-565
4.3
2024-07-13 CVE-2024-6465 The WP Links Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wplf_ajax_update_screenshots' function in all versions up to, and including, 4.9.5.
network
low complexity
4.3
2024-07-13 CVE-2024-6574 The Laposta plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.12.
network
low complexity
5.3
2024-07-12 CVE-2024-31947 Path Traversal vulnerability in Stonefly Storage Concentrator
StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows Directory Traversal by authenticated users.
network
low complexity
stonefly CWE-22
6.5
2024-07-12 CVE-2024-40690 Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2024-07-12 CVE-2024-40547 Unspecified vulnerability in Publiccms
PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cmsTemplate/replace.
network
low complexity
publiccms
6.5
2024-07-12 CVE-2024-39916 Insecure Default Initialization of Resource vulnerability in Fogproject
FOG is a free open-source cloning/imaging/rescue suite/inventory management system.
network
low complexity
fogproject CWE-1188
6.4
2024-07-12 CVE-2024-39498 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 [Why] Commit: - commit 5aa1dfcdf0a4 ("drm/mst: Refactor the flow for payload allocation/removement") accidentally overwrote the commit - commit 54d217406afe ("drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2") which caused a regression. [How] Recover the original NULL fix and remove the unnecessary input parameter 'state' for drm_dp_add_payload_part2(). (cherry picked from commit 4545614c1d8da603e57b60dd66224d81b6ffc305)
local
low complexity
linux CWE-476
5.5
2024-07-12 CVE-2024-39504 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: validate mandatory meta and payload Check for mandatory netlink attributes in payload and meta expression when used embedded from the inner expression, otherwise NULL pointer dereference is possible from userspace.
local
low complexity
linux CWE-476
5.5