Show filters
2,287 Total Results
Displaying 131-140 of 2,287
Sort by:
Attacker Value
Unknown
CVE-2024-41164
Disclosure Date: August 14, 2024 (last updated February 26, 2025)
When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
0
Attacker Value
Unknown
CVE-2024-39778
Disclosure Date: August 14, 2024 (last updated February 26, 2025)
When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
0
Attacker Value
Unknown
CVE-2024-43126
Disclosure Date: August 12, 2024 (last updated February 26, 2025)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce allows Reflected XSS.This issue affects Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce: from n/a through 2.6.14.
0
Attacker Value
Unknown
CVE-2024-5801
Disclosure Date: August 12, 2024 (last updated February 26, 2025)
Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attack-ers to compromise network security by routing IP-based packets through the host, potentially by-passing firewall, router, or NAC filtering.
0
Attacker Value
Unknown
CVE-2024-5800
Disclosure Date: August 12, 2024 (last updated February 26, 2025)
Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication.
0
Attacker Value
Unknown
CVE-2024-39751
Disclosure Date: August 06, 2024 (last updated February 26, 2025)
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429
0
Attacker Value
Unknown
CVE-2024-41226
Disclosure Date: August 06, 2024 (last updated February 26, 2025)
A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client side and does not attack the Control Room. The payload is being injected in the http Response from the client-side, so the owner of the Response and payload is the end user in this case. They contend that the server's security controls have no impact or role to play in this situation and therefore this is not a valid vulnerability.
0
Attacker Value
Unknown
CVE-2024-38321
Disclosure Date: August 03, 2024 (last updated February 26, 2025)
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868.
0
Attacker Value
Unknown
CVE-2024-37856
Disclosure Date: July 29, 2024 (last updated February 26, 2025)
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page.
0
Attacker Value
Unknown
CVE-2024-6922
Disclosure Date: July 26, 2024 (last updated February 26, 2025)
Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web requests from the server.
0