CVE-2024-50381 |
Description: A vulnerability exists in Snap One OVRC cloud where an attacker can impersonate a Hub device and send requests to claim and unclaim devices. The attacker only needs to provide the MAC address of the targeted device and can make a request to unclaim it from its original connection and make a request to claim it.
CVSS: HIGH (8.8) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
CVE-2024-50380 |
Description: Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device.
CVSS: HIGH (8.7) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
CVE-2024-5011 |
Description: In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of service.
CVSS: HIGH (7.5) EPSS Score: 0.05%
December 3rd, 2024 (5 months ago)
|
CVE-2024-5010 |
Description: In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information.
CVSS: HIGH (7.5) EPSS Score: 0.06%
December 3rd, 2024 (5 months ago)
|
CVE-2024-49763 |
Description: PlexRipper is a cross-platform media downloader for Plex. PlexRipper’s open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker’s domain. This allows an attacking website to access the /api/PlexAccount endpoint and steal the user’s Plex login. This vulnerability is fixed in 0.24.0.
CVSS: HIGH (8.7) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
CVE-2024-46908 |
Description: In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.
CVSS: HIGH (8.8) EPSS Score: 0.06%
December 3rd, 2024 (5 months ago)
|
CVE-2024-46907 |
Description: In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.
CVSS: HIGH (8.8) EPSS Score: 0.06%
December 3rd, 2024 (5 months ago)
|
CVE-2024-46906 |
Description: In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.
CVSS: HIGH (8.8) EPSS Score: 0.06%
December 3rd, 2024 (5 months ago)
|
CVE-2024-46905 |
Description: In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account.
CVSS: HIGH (8.8) EPSS Score: 0.06%
December 3rd, 2024 (5 months ago)
|
CVE-2024-43053 |
Description: Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information.
CVSS: HIGH (7.8) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|