Vulnerability Summary for the Week of September 16, 2024

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
CIRCUTOR–CIRCUTOR Q-SMT
 
CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device. 2024-09-18 10 CVE-2024-8887
cve-coordination@incibe.es
 
CIRCUTOR–CIRCUTOR Q-SMT
 
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network captures, locally stored web information, etc. 2024-09-18 10 CVE-2024-8888
cve-coordination@incibe.es
 
dragonflyoss–Dragonfly2
 
Dragonfly is an open sou

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from Bulletins

Read the original article: