Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-13 | CVE-2024-37280 | Out-of-bounds Write vulnerability in Elastic Elasticsearch A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. | 4.9 |
| 2024-06-13 | CVE-2024-38279 | Missing Authentication for Critical Function vulnerability in Motorola Vigilant Fixed LPR Coms BOX Firmware The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes. | 4.6 |
| 2024-06-13 | CVE-2024-38280 | Cleartext Storage of Sensitive Information vulnerability in Motorola Vigilant Fixed LPR Coms BOX Firmware An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text. | 4.6 |
| 2024-06-13 | CVE-2023-35859 | Cross-site Scripting vulnerability in Moderncampus Omni CMS 2023.1 A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters. | 6.1 |
| 2024-06-13 | CVE-2023-35860 | Path Traversal vulnerability in Moderncampus Omni CMS 2023.1 A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 allows a remote, unauthenticated attacker to enumerate file system information via the dir parameter to listing.php or rss.php. | 5.3 |
| 2024-06-13 | CVE-2024-28965 | Unspecified vulnerability in Dell Secure Connect Gateway 5.18.00.20/5.22.00.18 Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). | 5.4 |
| 2024-06-13 | CVE-2024-28966 | Unspecified vulnerability in Dell Secure Connect Gateway 5.18.00.20/5.22.00.18 Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). | 5.4 |
| 2024-06-13 | CVE-2024-28967 | Unspecified vulnerability in Dell Secure Connect Gateway 5.18.00.20/5.22.00.18 Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). | 5.4 |
| 2024-06-13 | CVE-2024-28968 | Unspecified vulnerability in Dell Secure Connect Gateway 5.18.00.20/5.22.00.18 Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). | 5.4 |
| 2024-06-13 | CVE-2024-28969 | Unspecified vulnerability in Dell Secure Connect Gateway 5.18.00.20/5.22.00.18 Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). | 4.3 |