Attacker Value
High

CVE-2021-40438

Disclosure Date: September 16, 2021 (last updated July 25, 2024)
A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Attacker Value
Unknown

CVE-2024-42345

Disclosure Date: September 10, 2024 (last updated September 11, 2024)
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2). The affected application does not properly handle user session establishment and invalidation. This could allow a remote attacker to circumvent the additional multi-factor authentication for user session establishment.
Attacker Value
Unknown

CVE-2024-39876

Disclosure Date: July 09, 2024 (last updated August 08, 2024)
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly handle log rotation. This could allow an unauthenticated remote attacker to cause a denial of service condition through resource exhaustion on the device.
Attacker Value
Unknown

CVE-2024-39875

Disclosure Date: July 09, 2024 (last updated August 08, 2024)
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows authenticated, low privilege users with the 'Manage own remote connections' permission to retrieve details about other users and group memberships.
Attacker Value
Unknown

CVE-2024-39874

Disclosure Date: July 09, 2024 (last updated September 10, 2024)
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its Client Communication component. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks.
Attacker Value
Unknown

CVE-2024-39873

Disclosure Date: July 09, 2024 (last updated September 10, 2024)
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks.
Attacker Value
Unknown

CVE-2024-39872

Disclosure Date: July 09, 2024 (last updated September 10, 2024)
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the 'Manage firmware updates' role to escalate their privileges on the underlying OS level.
Attacker Value
Unknown

CVE-2024-39871

Disclosure Date: July 09, 2024 (last updated September 07, 2024)
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly separate the rights to edit device settings and to edit settings for communication relations. This could allow an authenticated attacker with the permission to manage devices to gain access to participant groups that the attacker does not belong to.
Attacker Value
Unknown

CVE-2024-39870

Disclosure Date: July 09, 2024 (last updated September 10, 2024)
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected applications can be configured to allow users to manage own users. A local authenticated user with this privilege could use this to modify users outside of their own scope as well as to escalate privileges.
Attacker Value
Unknown

CVE-2024-39869

Disclosure Date: July 09, 2024 (last updated September 10, 2024)
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected products allow certificates to be uploaded. An authenticated attacker could upload a crafted certificate leading to a permanent denial-of-service situation. In order to recover from such an attack, the offending certificate needs to be removed manually.