NA - CVE-2024-27161 - all the Toshiba printers have programs...
all the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. Insecure algorithm is used for the...
NA - CVE-2024-37885 - The Nextcloud Desktop Client is a tool to...
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when...
NA - CVE-2024-37316 - Nextcloud Calendar is a calendar app for...
Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is...
High - CVE-2024-31163 - ASUS Download Master has a buffer overflow...
ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on...
NA - CVE-2024-27170 - It was observed that all the Toshiba printers...
It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the...
NA - CVE-2024-3498 - Attackers can then execute malicious files by...
Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected...
NA - CVE-2024-27142 - Toshiba printers use XML communication for the...
Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity...
NA - CVE-2024-5685 - Users with "User:edit" and "Self:api"...
Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it:...