Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-37144 |
Description: Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Insecure Storage of Sensitive Information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use information disclosed to gain unauthorized access to pods within the cluster.
CVSS: HIGH (8.2) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
|
CVE-2024-36991 |
Description: In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
CVSS: HIGH (7.5) EPSS Score: 12.01%
December 11th, 2024 (4 months ago)
|
|
CVE-2024-36985 |
Description: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user that does not hold the admin or power Splunk roles could cause a Remote Code Execution through an external lookup that references the “splunk_archiver“ application.
CVSS: HIGH (8.8) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
|
CVE-2024-36984 |
Description: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attacker could use the query to execute arbitrary code.
CVSS: HIGH (8.8) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
|
CVE-2024-36983 |
Description: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.
CVSS: HIGH (8.0) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
|
CVE-2024-36982 |
Description: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the cluster/config REST endpoint, which could result in a crash of the Splunk daemon.
CVSS: HIGH (7.5) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|
|
CVE-2024-35272 |
Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVSS: HIGH (8.8) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|
|
CVE-2024-35271 |
Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVSS: HIGH (8.8) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|
|
CVE-2024-35267 |
Description: Azure DevOps Server Spoofing Vulnerability
CVSS: HIGH (7.6) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|
|
CVE-2024-35266 |
Description: Azure DevOps Server Spoofing Vulnerability
CVSS: HIGH (7.6) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|