CVE-2024-38077 |
Description: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|
CVE-2024-38076 |
Description: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|
CVE-2024-38074 |
Description: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|
CVE-2024-37143 |
Description: Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Improper Link Resolution Before File Access vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-33610 |
Description: "sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session information, including session cookies, and "sys_trayentryreboot.html" allows the device to be rebooted. For details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: CRITICAL (9.1) EPSS Score: 0.09%
December 11th, 2024 (4 months ago)
|
CVE-2024-28038 |
Description: The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, supplying an overly long character string in the MFPSESSIONID parameter results in a stack buffer overflow. For details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: CRITICAL (9.0) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-12286 |
Description: MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-11773 |
Description: SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|
CVE-2024-11772 |
Description: Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS: CRITICAL (9.1) EPSS Score: 0.06%
December 11th, 2024 (4 months ago)
|
CVE-2024-11639 |
Description: An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access.
CVSS: CRITICAL (10.0) EPSS Score: 0.09%
December 11th, 2024 (4 months ago)
|