Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Israel National Cyber Directorate (INCD)

#a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f
PolicyEmail

Short Name

INCD

Program Role

CNA

Top Level Root

MITRE Corporation

Security Advisories

View Advisories

Domain

cyber.gov.il

Country

Israel

Scope

Vulnerability assignment related to its vulnerability coordination role.
Reported CVEsVendorsProductsReports
239Vulnerabilities found
CVE-2024-42336
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-8.2||HIGH
EPSS-0.13% / 32.69%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 12:26
Updated-27 Aug, 2024 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Servision - CWE-287: Improper Authentication

Servision - CWE-287: Improper Authentication

Action-Not Available
Vendor-servisionServisionservision
Product-ivg_webmaxServision IVG Webmax 1.0.57ivg_webmax
CWE ID-CWE-287
Improper Authentication
CVE-2024-42335
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 20.15%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 12:18
Updated-21 Aug, 2024 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
7Twenty - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

7Twenty - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Action-Not Available
Vendor-7-twenty7Twenty
Product-bot7Twenty Bot
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-42334
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-Not Assigned
EPSS-0.04% / 12.00%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 12:16
Updated-08 Sep, 2024 | 12:15
Rejected-08 Sep, 2024 | 11:44
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Action-Not Available
Vendor-
Product-
CVE-2024-41700
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.06%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 12:05
Updated-03 Sep, 2024 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Barix – CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Barix – CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Action-Not Available
Vendor-barixBarixbarix
Product-sip_client_firmwareBarix SIP Client Web Management Interface UIsip_client_web_management_interface_ui
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-41699
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-4.4||MEDIUM
EPSS-0.11% / 30.66%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 12:00
Updated-03 Sep, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Priority – CWE-552: Files or Directories Accessible to External Parties

Priority – CWE-552: Files or Directories Accessible to External Parties

Action-Not Available
Vendor-priority-softwarePriority
Product-priorityPriority
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2024-41698
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 35.13%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 11:55
Updated-03 Sep, 2024 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Action-Not Available
Vendor-priority-softwarePriority
Product-priorityPriority
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-41697
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-6.1||MEDIUM
EPSS-0.08% / 25.43%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 11:48
Updated-03 Sep, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Priority – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Action-Not Available
Vendor-priority-softwarePriority
Product-priorityPriority
CWE ID-CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-41702
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 32.19%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 09:18
Updated-08 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SiberianCMS – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Action-Not Available
Vendor-siberiancmsSiberianCMSsiberiancms
Product-siberiancmsSiberianCMS v5.0.8siberiancms
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-41701
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.37%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 09:12
Updated-02 Aug, 2024 | 04:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AccuPOS – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

AccuPOS - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Action-Not Available
Vendor-AccuPOSaccupos
Product-AccuPOSaccupos
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-41696
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.06%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 09:09
Updated-02 Aug, 2024 | 04:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Priority PRI WEB Portal Add-On for Priority ERP on prem – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Priority PRI WEB Portal Add-On for Priority ERP on prem - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Action-Not Available
Vendor-Prioritypriority-software
Product-PRI WEB Portal Add-On for Priority ERP on prempri_web_portal_add_on
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-41695
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.35%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 09:02
Updated-02 Aug, 2024 | 04:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cybonet - CWE-22: Improper Limitation of a Pathname to a Restricted Directory

Cybonet - CWE-22: Improper Limitation of a Pathname to a Restricted Directory

Action-Not Available
Vendor-Cybonetcybonet
Product-PineApp Mail Relaypineapp_mail_secure
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-41694
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.37%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 09:01
Updated-02 Aug, 2024 | 04:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cybonet – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Cybonet - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Action-Not Available
Vendor-Cybonetcybonet
Product-PineApp Mail Relaypineapp_mail_secure
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-38432
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.09%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 08:50
Updated-06 Sep, 2024 | 21:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Matrix – Tafnit v8 CWE-646: Reliance on File Name or Extension of Externally-Supplied File

Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File

Action-Not Available
Vendor-Matrix I.T. Ltd.
Product-tafnitTafnit v8
CWE ID-CWE-646
Reliance on File Name or Extension of Externally-Supplied File
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2024-38431
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.12%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 08:48
Updated-06 Sep, 2024 | 21:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Matrix Tafnit v8 - CWE-204: Observable Response Discrepancy

Matrix Tafnit v8 - CWE-204: Observable Response Discrepancy

Action-Not Available
Vendor-Matrix I.T. Ltd.
Product-tafnitTafnit v8tafnit
CWE ID-CWE-204
Observable Response Discrepancy
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-38430
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 23.56%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 08:47
Updated-06 Sep, 2024 | 21:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Action-Not Available
Vendor-Matrix I.T. Ltd.
Product-tafnitTafnit v8
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-38429
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.06%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 08:45
Updated-06 Sep, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Matrix - CWE-552: Files or Directories Accessible to External Parties

Matrix Tafnit v8 -  CWE-552: Files or Directories Accessible to External Parties

Action-Not Available
Vendor-Matrix I.T. Ltd.
Product-tafnitTafnit v8tafnit
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2024-41693
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-6.1||MEDIUM
EPSS-0.08% / 25.43%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 08:28
Updated-19 May, 2025 | 12:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Action-Not Available
Vendor-priority-softwareMashov
Product-mashovMashov
CWE ID-CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE-2024-38438
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-9.8||CRITICAL
EPSS-0.68% / 70.67%
||
7 Day CHG~0.00%
Published-21 Jul, 2024 | 07:19
Updated-29 Aug, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link - CWE-294: Authentication Bypass by Capture-replay

D-Link - CWE-294: Authentication Bypass by Capture-replay

Action-Not Available
Vendor-D-Link Corporation
Product-dsl-225dsl-225_firmwareDSL-225dsl-225_firmware
CWE ID-CWE-294
Authentication Bypass by Capture-replay
CVE-2024-38437
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 73.03%
||
7 Day CHG~0.00%
Published-21 Jul, 2024 | 07:17
Updated-29 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link - CWE-288: Authentication Bypass Using an Alternate Path or Channel

D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel

Action-Not Available
Vendor-D-Link Corporation
Product-dsl-225dsl-225_firmwareDSL-225
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-38436
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-6.1||MEDIUM
EPSS-0.07% / 22.27%
||
7 Day CHG~0.00%
Published-21 Jul, 2024 | 07:12
Updated-30 Aug, 2024 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Commugen SOX 365 – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Commugen SOX 365 – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Action-Not Available
Vendor-commugenCommugen
Product-sox_365SOX 365
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-38435
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.08%
||
7 Day CHG+0.07%
Published-21 Jul, 2024 | 07:10
Updated-21 Jul, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unitronics Vision PLC - CWE-703: Improper Check or Handling of Exceptional Conditions

Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service

Action-Not Available
Vendor-Unitronics PLC
Product-visilogicVision PLC
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2024-38434
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.97%
||
7 Day CHG-0.01%
Published-21 Jul, 2024 | 07:08
Updated-02 Aug, 2024 | 04:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unitronics Vision PLC - CWE-676: Use of Potentially Dangerous Function

Unitronics Vision PLC – CWE-676: Use of Potentially Dangerous Function may allow security feature bypass

Action-Not Available
Vendor-Unitronics PLC
Product-Vision PLC
CWE ID-CWE-676
Use of Potentially Dangerous Function
CVE-2024-38433
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-6.7||MEDIUM
EPSS-0.00% / 0.15%
||
7 Day CHG~0.00%
Published-11 Jul, 2024 | 07:50
Updated-02 Aug, 2024 | 04:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness

Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution.

Action-Not Available
Vendor-nuvotonNuvotonnuvoton
Product-npcm705r_firmwarenpcm710rnpcm750r_firmwarenpcm750rnpcm730r_firmwarenpcm730rnpcm710r_firmwarenpcm705rNPCM7xx (Poleg) BootBlocknpcm7xx_firmware
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CWE ID-CWE-287
Improper Authentication
CVE-2024-36397
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-6.1||MEDIUM
EPSS-0.11% / 30.09%
||
7 Day CHG~0.00%
Published-16 Jun, 2024 | 08:06
Updated-08 Aug, 2024 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vantiva - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Vantiva - MediaAccess DGA2232 v19.4 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Action-Not Available
Vendor-vantivaVantiva
Product-mediaaccess_dga2232_firmwaremediaaccess_dga2232MediaAccess DGA2232
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-36396
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.73%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 12:33
Updated-07 Aug, 2024 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Verint - CWE-434: Unrestricted Upload of File with Dangerous Type

Verint - CWE-434: Unrestricted Upload of File with Dangerous Type

Action-Not Available
Vendor-verintVerintverint
Product-workforce_optimizationWFOworkforce_optimization
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-36395
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-6.1||MEDIUM
EPSS-0.12% / 32.05%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 12:32
Updated-02 Aug, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Action-Not Available
Vendor-verintVerint
Product-workforce_optimizationWFO
CWE ID-CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE-2024-36394
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-9.1||CRITICAL
EPSS-0.21% / 43.25%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 08:20
Updated-02 Aug, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Action-Not Available
Vendor-SysAid Technologies Ltd.
Product-sysaidSysAidsysaid
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-36393
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-9.9||CRITICAL
EPSS-0.18% / 39.96%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 08:18
Updated-02 Aug, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Action-Not Available
Vendor-SysAid Technologies Ltd.
Product-sysaidSysAidsysaid
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36392
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-6.1||MEDIUM
EPSS-0.12% / 32.05%
||
7 Day CHG~0.00%
Published-02 Jun, 2024 | 13:24
Updated-10 Apr, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Action-Not Available
Vendor-Canonical Ltd.Milesight
Product-ubuntu_linuxdevicehubDeviceHub
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-36391
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-9.1||CRITICAL
EPSS-0.03% / 5.49%
||
7 Day CHG~0.00%
Published-02 Jun, 2024 | 13:23
Updated-02 Aug, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MileSight DeviceHub - CWE-320: Key Management Errors

MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic

Action-Not Available
Vendor-Milesight
Product-DeviceHubdevicehub
CWE ID-CWE-320
Not Available
CVE-2024-36390
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.72%
||
7 Day CHG~0.00%
Published-02 Jun, 2024 | 13:22
Updated-02 Aug, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MileSight DeviceHub - CWE-20 Improper Input Validation

MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service

Action-Not Available
Vendor-Milesight
Product-DeviceHubdevicehub
CWE ID-CWE-20
Improper Input Validation
CVE-2024-36389
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 12.36%
||
7 Day CHG~0.00%
Published-02 Jun, 2024 | 13:21
Updated-10 Apr, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values

MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass

Action-Not Available
Vendor-Canonical Ltd.Milesight
Product-ubuntu_linuxdevicehubDeviceHubdevicehub
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2024-36388
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-10||CRITICAL
EPSS-0.12% / 31.56%
||
7 Day CHG~0.00%
Published-02 Jun, 2024 | 13:14
Updated-02 Aug, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function

MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function

Action-Not Available
Vendor-Milesight
Product-DeviceHubdevicehub
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CVE-2024-27776
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 56.58%
||
7 Day CHG~0.00%
Published-02 Jun, 2024 | 13:13
Updated-10 Apr, 2025 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE

Action-Not Available
Vendor-Canonical Ltd.Milesight
Product-ubuntu_linuxdevicehubDeviceHubdevicehub
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-27775
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7.2||HIGH
EPSS-0.13% / 33.56%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 12:19
Updated-02 Aug, 2024 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SysAid - CWE-918: Server-Side Request Forgery (SSRF)

SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash

Action-Not Available
Vendor-SysAid Technologies Ltd.
Product-SysAid
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-27774
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.03%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 13:34
Updated-10 Mar, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-259: Use of Hard-coded Password

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware

Action-Not Available
Vendor-Unitronics PLC
Product-unilogicUnistream Unilogicunistream_unilogic
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-27773
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.84%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 13:32
Updated-10 Mar, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-348: Use of Less Trusted Source

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE

Action-Not Available
Vendor-Unitronics PLC
Product-unilogicUnistream Unilogicunistream_unilogic
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-348
Use of Less Trusted Source
CVE-2024-27772
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-8.8||HIGH
EPSS-0.69% / 70.96%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 13:28
Updated-10 Mar, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-78: 'OS Command Injection'

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-78: 'OS Command Injection' may allow RCE

Action-Not Available
Vendor-Unitronics PLC
Product-unilogicUnistream Unilogicunistream_unilogic
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-27771
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.64%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 13:27
Updated-10 Mar, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-22: 'Path Traversal'

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE

Action-Not Available
Vendor-Unitronics PLC
Product-unilogicUnistream Unilogicunistream_unilogic
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-27770
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-8.8||HIGH
EPSS-0.15% / 36.04%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 13:23
Updated-10 Mar, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-23: Relative Path Traversal

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-23: Relative Path Traversal

Action-Not Available
Vendor-Unitronics PLC
Product-unilogicUnistream Unilogicunistream_unilogic
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-23
Relative Path Traversal
CVE-2024-27769
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.03%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 13:21
Updated-10 Apr, 2025 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over Devices

Action-Not Available
Vendor-UnitronicsUnitronics PLC
Product-unilogicUnistream Unilogicunistream_unilogic
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-27768
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.03%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 13:19
Updated-10 Mar, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-22: 'Path Traversal'

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE

Action-Not Available
Vendor-Unitronics PLC
Product-unilogicUnistream Unilogicunistream_unilogic
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-27767
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-10||CRITICAL
EPSS-0.06% / 18.10%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 13:13
Updated-10 Mar, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-287: Improper Authentication

CWE-287: Improper Authentication may allow Authentication Bypass

Action-Not Available
Vendor-Unitronics PLC
Product-unilogicUnistream Unilogicunistream_unilogic
CWE ID-CWE-287
Improper Authentication
CVE-2023-42495
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 56.61%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 12:48
Updated-02 Aug, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Action-Not Available
Vendor-dasannetworksDasan Networks
Product-w-webDasan Networks
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-42494
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.77%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 14:45
Updated-10 Sep, 2024 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EisBaer Scada - CWE-749: Exposed Dangerous Method or Function

EisBaer Scada - CWE-749: Exposed Dangerous Method or Function

Action-Not Available
Vendor-busbaerEisBaer Scada
Product-eisbaer_scadav3.0.6433.1964
CWE ID-CWE-749
Exposed Dangerous Method or Function
CVE-2023-42493
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.76%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 14:43
Updated-10 Sep, 2024 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EisBaer Scada - CWE-256: Plaintext Storage of a Password

EisBaer Scada - CWE-256: Plaintext Storage of a Password

Action-Not Available
Vendor-busbaerEisBaer Scada
Product-eisbaer_scadav3.0.6433.1964
CWE ID-CWE-256
Plaintext Storage of a Password
CVE-2023-42492
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.76%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 14:42
Updated-10 Sep, 2024 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key

EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key

Action-Not Available
Vendor-busbaerEisBaer Scada
Product-eisbaer_scadav3.0.6433.1964
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-42490
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.19%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 14:41
Updated-10 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

EisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Action-Not Available
Vendor-busbaerEisBaer Scada
Product-eisbaer_scadav3.0.6433.1964
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-42489
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.84%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 14:40
Updated-10 Sep, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource

EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource

Action-Not Available
Vendor-busbaerEisBaer Scada
Product-eisbaer_scadav3.0.6433.1964
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-42488
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.63%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 14:37
Updated-17 Sep, 2024 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EisBaer Scada - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

EisBaer Scada - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Action-Not Available
Vendor-busbaerEisBaer Scada
Product-eisbaer_scadav3.0.6433.1964
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next