Hangzhou Hopechart IoT Technology Co., Ltd. Security Vulnerabilities
7.1AI Score
Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition
Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2024 Critical Patch Update, plus CVE-2023-38264. For more information please refer to Oracle's April 2024 CPU Advisory and the X-Force database entries...
5.9CVSS
6.4AI Score
0.001EPSS
7.5CVSS
7.9AI Score
0.005EPSS
CommScope Ruckus IoT Controller - Information Disclosure
CommScope Ruckus IoT Controller is susceptible to information disclosure vulnerabilities because a 'service details' API endpoint discloses system and configuration information to an attacker without requiring authentication. This information includes DNS and NTP servers that the devices use for...
9.8CVSS
9.2AI Score
0.347EPSS
Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary...
5.4CVSS
6.6AI Score
0.001EPSS
Malicious code in co-pilot-auth_web (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (d490be43502540c62a740310c0ab3d38a35220e7b32f029a0c7e79e191104015) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to...
5.4CVSS
6.5AI Score
0.001EPSS
7.2CVSS
7.4AI Score
0.001EPSS
CVE-2024-25110 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1
CVE-2024-25110 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1. An upgraded version of the package is available that resolves this...
9.8CVSS
7.3AI Score
0.0004EPSS
EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server...
7.2CVSS
7.6AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary...
5.4CVSS
6.5AI Score
0.001EPSS
CVE-2024-29195 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1
CVE-2024-29195 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1. An upgraded version of the package is available that resolves this...
6CVSS
7.3AI Score
0.0004EPSS
CVE-2024-21646 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1
CVE-2024-21646 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1. An upgraded version of the package is available that resolves this...
9.8CVSS
7.3AI Score
0.006EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
7.2CVSS
7.4AI Score
0.001EPSS
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL...
8.8CVSS
8.8AI Score
0.001EPSS
CVE-2024-27099 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1
CVE-2024-27099 affecting package azure-iot-sdk-c for versions less than 2024.03.04-1. An upgraded version of the package is available that resolves this...
9.8CVSS
7.3AI Score
0.0004EPSS
DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted...
5.4CVSS
6.3AI Score
0.001EPSS
Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection...
9.3CVSS
9AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from...
7.5CVSS
7.6AI Score
0.001EPSS
Summary An unspecified IBM SDK, Java Technology Edition vulnerability is addressed. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentiality impact, no integrity...
5.9CVSS
7.6AI Score
0.001EPSS
Summary An unspecified IBM SDK, Java Technology Edition vulnerability is addressed. Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts. CVSS Base...
3.7CVSS
5.9AI Score
0.001EPSS
7.5CVSS
7.3AI Score
0.055EPSS
7.2CVSS
8.1AI Score
0.01EPSS
10CVSS
8.2AI Score
0.057EPSS
10CVSS
8.2AI Score
0.051EPSS
9.8CVSS
8.2AI Score
0.05EPSS
9.8CVSS
8.2AI Score
0.028EPSS
8.8CVSS
7.7AI Score
0.014EPSS
8.8CVSS
8.1AI Score
0.01EPSS
8.8CVSS
8.1AI Score
0.01EPSS
7.8CVSS
8.1AI Score
0.0004EPSS
7.8CVSS
6.9AI Score
0.001EPSS
Kaa IoT Administration Server Detection
The remote host is running the Kaa Internet of Things (IoT) administration server. Kaa is a multi-purpose toolkit for building and managing IoT solutions, applications, and smart...
1.4AI Score
Summary Security Bulletin: IBM Maximo Application Suite - IoT Component uses Kafka - 3.0.2 which is vulnerable to CVE-2024-27309. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-27309 DESCRIPTION: **Apache Kafka is...
6.7AI Score
0.0004EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted...
0.0004EPSS
An issue the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 allows a remote attacker to cause a denial of service via the index.html...
7AI Score
0.0004EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted...
7.3AI Score
0.0004EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted...
0.0004EPSS
An issue the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 allows a remote attacker to cause a denial of service via the index.html...
0.0004EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted...
7.2AI Score
0.0004EPSS
Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted...
6.8AI Score
0.0004EPSS
An issue the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 allows a remote attacker to cause a denial of service via the index.html...
0.0004EPSS
Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted...
0.0004EPSS
An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication...
8.1AI Score
0.0004EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp...
6.1CVSS
0.0005EPSS