14Finger
by 14Finger
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-37770 | 0.01 | — | 0.11 | Jul 10, 2024 | 14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload. | |||
| CVE-2024-37767 | 0.00 | — | 0.00 | Jul 5, 2024 | Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET request. | |||
| CVE-2024-37768 | 0.00 | — | 0.00 | Jul 5, 2024 | 14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id. |
- CVE-2024-37770Jul 10, 2024risk 0.01cvss —epss 0.11
14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload.
- CVE-2024-37767Jul 5, 2024risk 0.00cvss —epss 0.00
Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET request.
- CVE-2024-37768Jul 5, 2024risk 0.00cvss —epss 0.00
14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id.