Security Vulnerabilities - CVEs Published In August 2024
A user with no permission to any of the Hosts can access and view the host count and other statistics through the System Information Widget in the Global View Dashboard.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2024-08-12
An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user to execute arbitrary code via the Ping script, thereby compromising infrastructure.
CVSS Score: 9.9 | EPSS Score: 0.002 | Published: 2024-08-12
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unauthenticated attacker to access or create arbitrary files. This issue affects Envoy: from 4.x to 8.x and < 8.2.4225.
CVSS Score: 9.1 | EPSS Score: 0.002 | Published: 2024-08-12
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endpoint requires authentication. This issue affects Envoy: from 4.x to 8.0 and < 8.2.4225.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2024-08-12
NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2024-08-12
NVIDIA CV-CUDA for Ubuntu 20.04, Ubuntu 22.04, and Jetpack contains a vulnerability in Python APIs where a user may cause an uncontrolled resource consumption issue by a long-running CV-CUDA Python process. A successful exploit of this vulnerability may lead to denial of service and data loss.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2024-08-12
IBM Aspera Shares 1.10.0 PL2 does not invalidate the session after a password change, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574.
CVSS Score: 6.3 | EPSS Score: 0.0 | Published: 2024-08-12
Dorsett Controls InfoScan is vulnerable due to a leak of possible sensitive information through the response headers and the rendered JavaScript prior to user login.
CVSS Score: 5.3 | EPSS Score: 0.004 | Published: 2024-08-08
An issue discovered in the import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration.
CVSS Score: 7.2 | EPSS Score: 0.002 | Published: 2024-08-08
Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys.
CVSS Score: 5.3 | EPSS Score: 0.004 | Published: 2024-08-08

