Security Vulnerabilities - CVEs Published In August 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endpoint requires authentication.This issue affects Envoy: from 4.x to 8.0 and < 8.2.4225.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-08-12
NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-08-12
NVIDIA CV-CUDA for Ubuntu 20.04, Ubuntu 22.04, and Jetpack contains a vulnerability in Python APIs where a user may cause an uncontrolled resource consumption issue by a long running CV-CUDA Python process. A successful exploit of this vulnerability may lead to denial of service and data loss.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-08-12
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-08-12
Dorsett Controls InfoScan is vulnerable due to a leak of possible
sensitive information through the response headers and the rendered
JavaScript prior to user login.
CVSS Score
5.3
EPSS Score
0.004
Published
2024-08-08
An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration.
CVSS Score
7.2
EPSS Score
0.002
Published
2024-08-08
Dorsett Controls Central Server update server has potential information
leaks with an unprotected file that contains passwords and API keys.
CVSS Score
5.3
EPSS Score
0.004
Published
2024-08-08
Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions
3.3.23.6.9 and prior, enables an unauthenticated remote attacker to
bypass authentication using hard-coded administrator credentials. These
accounts cannot be disabled.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-08-08
The InfoScan client download page can be intercepted with a proxy, to
expose filenames located on the system, which could lead to additional
information exposure.
CVSS Score
5.3
EPSS Score
0.006
Published
2024-08-08
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR01 fails to validate the directory structure of the root file system during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
CVSS Score
6.8
EPSS Score
0.002
Published
2024-08-08