CVE-2024-35522 |
Description: Netgear EX3700 - AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone.
CVSS: HIGH (8.4) EPSS Score: 2.83% SSVC Exploitation: none
March 13th, 2025 (4 months ago)
|
CVE-2024-35517 |
Description: Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter.
CVSS: HIGH (8.4) EPSS Score: 2.11% SSVC Exploitation: none
March 13th, 2025 (4 months ago)
|
CVE-2024-21255 |
Description: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: XMLPublisher). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
CVSS: HIGH (8.8) EPSS Score: 0.26% SSVC Exploitation: none
March 13th, 2025 (4 months ago)
|
CVE-2024-21195 |
Description: Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Layout Templates). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).
CVSS: HIGH (7.6) EPSS Score: 0.13% SSVC Exploitation: none
March 13th, 2025 (4 months ago)
|
CVE-2024-21103 |
Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
CVSS: HIGH (7.8) EPSS Score: 0.07% SSVC Exploitation: none
March 13th, 2025 (4 months ago)
|
CVE-2024-21689 |
Description: This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server.
This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.6, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction.
Atlassian recommends that Bamboo Data Center and Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
Bamboo Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.17
Bamboo Data Center and Server 9.6: Upgrade to a release greater than or equal to 9.6.5
See the release notes (https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html). You can download the latest version of Bamboo Data Center and Server from the download center (https://www.atlassian.com/software/bamboo/download-archives).
This vulnerability was reported via our Bug Bounty program.
CVSS: HIGH (7.6) EPSS Score: 40.82% SSVC Exploitation: none
March 13th, 2025 (4 months ago)
|
CVE-2024-1174 |
Description: Previous versions of HP ThinPro (prior to HP ThinPro 8.0 SP 8) could potentially contain security vulnerabilities. HP has released HP ThinPro 8.0 SP 8, which includes updates to mitigate potential vulnerabilities.
CVSS: HIGH (8.2) EPSS Score: 0.06% SSVC Exploitation: none
March 13th, 2025 (4 months ago)
|
CVE-2024-9005 |
Description: CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server.
CVSS: HIGH (7.3) EPSS Score: 0.1% SSVC Exploitation: none
March 13th, 2025 (4 months ago)
|
CVE-2024-45335 |
Description: Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection.
CVSS: HIGH (8.4) EPSS Score: 0.03% SSVC Exploitation: none
March 13th, 2025 (4 months ago)
|
CVE-2024-37289 |
Description: An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVSS: HIGH (7.8) EPSS Score: 0.04% SSVC Exploitation: none
March 13th, 2025 (4 months ago)
|