Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-26 | CVE-2024-37138 | Unspecified vulnerability in Dell Data Domain Operating System Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. | 6.8 |
| 2024-06-26 | CVE-2024-37139 | Unspecified vulnerability in Dell Data Domain Operating System Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. | 6.5 |
| 2024-06-26 | CVE-2024-29174 | SQL Injection vulnerability in Dell Data Domain Operating System Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. | 4.4 |
| 2024-06-26 | CVE-2024-29175 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell Data Domain Operating System Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. | 5.9 |
| 2024-06-26 | CVE-2024-5173 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity | 6.4 |
| 2024-06-26 | CVE-2024-24764 | Open Redirect vulnerability in Octobercms October October is a self-hosted CMS platform based on the Laravel PHP Framework. | 4.8 |
| 2024-06-26 | CVE-2024-29954 | Information Exposure Through Log Files vulnerability in Broadcom Fabric Operating System A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. | 5.5 |
| 2024-06-25 | CVE-2024-5014 | Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. | 6.5 |
| 2024-06-25 | CVE-2024-5017 | Path Traversal vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead can lead to information disclosure. | 6.5 |
| 2024-06-25 | CVE-2024-0171 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Dell products Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerability. | 5.3 |