Security Vulnerabilities - CVEs Published In September 2024
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function.
CVSS Score
9.8
EPSS Score
0.007
Published
2024-09-09
An issue was discovered in Samsung Mobile Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_blockack_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.
CVSS Score
4.4
EPSS Score
0.0
Published
2024-09-09
AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url parameter at /admin/site_add.php. This vulnerability allows attackers to execute arbitrary PHP code via injecting a crafted value.
CVSS Score
7.2
EPSS Score
0.001
Published
2024-09-09
AutoCMS v5.4 was discovered to contain a SQL injection vulnerability via the sidebar parameter at /admin/robot.php.
CVSS Score
7.2
EPSS Score
0.001
Published
2024-09-09
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.817
Published
2024-09-09
In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database.
An attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content
and/or perform administrative operations including shutting down the database.
CVSS Score
10.0
EPSS Score
0.002
Published
2024-09-09
In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal's database and/or modify content.
CVSS Score
8.2
EPSS Score
0.004
Published
2024-09-09
An issue was discovered in Samsung Mobile Processor, Wearable Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_scan_done_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.
CVSS Score
4.4
EPSS Score
0.0
Published
2024-09-09
An issue was discovered in Samsung Mobile Processor Exynos Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_scan_ind(), there is no input validation check on a length coming from userspace, which can lead to integer overflow and a potential heap over-read.
CVSS Score
4.4
EPSS Score
0.0
Published
2024-09-09
An issue was discovered in Samsung Mobile Processor Exynos Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_received_frame_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.
CVSS Score
4.4
EPSS Score
0.0
Published
2024-09-09