Vulnerabilities > Medium

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2024-09-13 | CVE-2024-8783 | Cross-site Scripting vulnerability in Opentibiabr Myaac | A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16. | network | low complexity | opentibiabr | CWE-79 | 5.4 |
| 2024-09-13 | CVE-2024-45101 | | A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL. | network | high complexity | | | 6.8 |
| 2024-09-13 | CVE-2024-45103 | Unspecified vulnerability in Lenovo Xclarity Administrator | A valid, authenticated LXCA user may be able to unmanage an LXCA managed device through the LXCA web interface without sufficient privileges. | network | low complexity | lenovo | | 4.3 |
| 2024-09-13 | CVE-2024-45104 | Unspecified vulnerability in Lenovo Xclarity Administrator | A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call. | network | low complexity | lenovo | | 6.5 |
| 2024-09-13 | CVE-2024-45105 | | An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code. | local | low complexity | | | 6.7 |
| 2024-09-13 | CVE-2024-4550 | | A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code. | local | low complexity | | | 6.7 |
| 2024-09-13 | CVE-2024-7756 | | A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell. | | low complexity | | | 6.8 |
| 2024-09-13 | CVE-2024-8059 | | IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters. | network | low complexity | | | 4.3 |
| 2024-09-13 | CVE-2024-31414 | Cross-site Scripting vulnerability in Eaton Foreseer Electrical Power Monitoring System | The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. | network | low complexity | eaton | CWE-79 | 6.1 |
| 2024-09-13 | CVE-2024-31416 | Improper Validation of Specified Quantity in Input vulnerability in Eaton Foreseer Electrical Power Monitoring System | The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. | network | low complexity | eaton | CWE-1284 | 6.5 |