Security Vulnerabilities - CVEs Published In July 2024
The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  and CVE-2022-1161. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html
CVSS Score
6.5
EPSS Score
0.0
Published
2024-07-16
An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.text with simple XORs. This affects EG-2000SE EG_RGOS 11.1(1)B1.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-07-16
An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker (who only has web interface access) to use TELNET commands and/or show admin passwords via the mode_url=exec&command= substring. This affects EG-2000SE EG_RGOS 11.9 B11P1.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-07-16
An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled (%00 and /var/./html are not checked), which can allow an attacker to upload any file to the gateway. This affects EG-2000SE EG_RGOS 11.9 B11P1.
CVSS Score
7.5
EPSS Score
0.0
Published
2024-07-16
An issue was found on the Ruijie EG-2000 series gateway. There is a buffer overflow in client.so. Consequently, an attacker can use login.php to log in to any account without providing its password. This affects EG-2000SE EG_RGOS 11.1(1)B1.
CVSS Score
8.4
EPSS Score
0.0
Published
2024-07-16
An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerability via /admin/div_data/data.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-07-16
The vulnerability could be remotely exploited to bypass authentication.
CVSS Score
9.8
EPSS Score
0.005
Published
2024-07-16
Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-07-16
Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/addWifiMacFilter.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-07-16
Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-07-16



Shodan ® - All rights reserved