Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2024
CVE-2024-40732
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/add/.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-07-09
CVE-2024-40733
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/{id}/edit/.
CVSS Score
6.1
EPSS Score
0.004
Published
2024-07-09
CVE-2024-40734
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/add/.
CVSS Score
6.1
EPSS Score
0.004
Published
2024-07-09
CVE-2024-40735
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/{id}/edit/.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-07-09
CVE-2024-40736
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/add.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-07-09
CVE-2024-31957
A vulnerability was discovered in Samsung Mobile Processors Exynos 2200 and Exynos 2400 where they lack a check for the validation of native handles, which can result in a DoS(Denial of Service) attack by unmapping an invalid length.
CVSS Score
6.2
EPSS Score
0.003
Published
2024-07-09
CVE-2024-38970
vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function.
CVSS Score
4.9
EPSS Score
0.002
Published
2024-07-09
CVE-2024-38971
vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting (XSS) in the system backend.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-07-09
CVE-2024-38972
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-07-09
CVE-2024-39698
electron-updater allows for automatic updates for Electron apps. The file `packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts` implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by `cmd.exe` expands any environment variable found in command-line above. This creates a situation where `verifySignature()` can be tricked into validating the certificate of a different file than the one that was just downloaded. If the step is successful, the malicious update will be executed even if its signature is invalid. This attack assumes a compromised update manifest (server compromise, Man-in-the-Middle attack if fetched over HTTP, Cross-Site Scripting to point the application to a malicious updater server, etc.). The patch is available starting from 6.3.0-alpha.6.
CVSS Score
7.5
EPSS Score
0.004
Published
2024-07-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved