Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-04 | CVE-2024-41927 | Cleartext Transmission of Sensitive Information vulnerability in Idec products Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. | 4.6 |
| 2024-09-03 | CVE-2024-45619 | Classic Buffer Overflow vulnerability in multiple products A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. | 4.3 |
| 2024-09-03 | CVE-2024-45180 | Cross-site Scripting vulnerability in Squaredup DS for Scom SquaredUp DS for SCOM 6.2.1.11104 allows XSS. | 5.4 |
| 2024-09-03 | CVE-2024-45389 | Cross-site Scripting vulnerability in Cloudcannon Pagefinder Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. | 5.4 |
| 2024-09-03 | CVE-2024-45678 | Information Exposure Through Discrepancy vulnerability in Yubico products Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue. | 4.2 |
| 2024-09-03 | CVE-2024-4629 | Improper Enforcement of a Single, Unique Action vulnerability in Redhat products A vulnerability was found in Keycloak. | 6.5 |
| 2024-09-03 | CVE-2024-8399 | Unspecified vulnerability in Mozilla Firefox Focus 122.0 Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130. | 4.7 |
| 2024-09-03 | CVE-2024-43413 | Cross-site Scripting vulnerability in Xibosignage Xibo Xibo is an open source digital signage platform with a web content management system (CMS). | 4.8 |
| 2024-09-03 | CVE-2024-42903 | Injection vulnerability in Limesurvey A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a malicious domain. | 6.5 |
| 2024-09-03 | CVE-2024-42904 | Cross-site Scripting vulnerability in Syspass A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php. | 6.1 |