Security Vulnerabilities - CVEs Published In September 2024
An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP invocations.
CVSS Score
3.3
EPSS Score
0.003
Published
2024-09-30
An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH service (on the local management network interface) with hardcoded credentials allows attackers to access the appliance operating system (with highest privileges) via an SSH connection.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-09-30
An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT management application allow an attacker to activate remote SSH access to the appliance via an unexpected network interface.
CVSS Score
8.4
EPSS Score
0.0
Published
2024-09-30
An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive information inside diagnostic files (exported by the @CT application) allows an attacker to achieve loss of confidentiality by analyzing these files.
CVSS Score
6.6
EPSS Score
0.0
Published
2024-09-30
An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credentials.
CVSS Score
8.8
EPSS Score
0.0
Published
2024-09-30
A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI.
CVSS Score
8.4
EPSS Score
0.003
Published
2024-09-30
Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-09-30
A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract fucntions to upload webshells to the target server, thereby obtaining system privileges.
CVSS Score
6.3
EPSS Score
0.004
Published
2024-09-30
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. This vulnerability is fixed in 2.31.0.
CVSS Score
5.4
EPSS Score
0.008
Published
2024-09-30
ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface
CVSS Score
7.6
EPSS Score
0.001
Published
2024-09-30