Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-50361 |
Description: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "certificate_file_remove" API which are not properly sanitized before being concatenated to OS level commands.
CVSS: HIGH (7.2) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-50360 |
Description: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "snmp_apply" API which are not properly sanitized before being concatenated to OS level commands.
CVSS: HIGH (7.2) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-50359 |
Description: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "scan_ap" API which are not properly sanitized before being concatenated to OS level commands.
CVSS: HIGH (7.2) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-50358 |
Description: A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by authenticated users by restoring a tampered configuration backup.
CVSS: HIGH (7.2) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-50054 |
Description: The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system.
CVSS: HIGH (7.5) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-49597 |
Description: Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.
CVSS: HIGH (7.6) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-49595 |
Description: Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by Capture-replay vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
CVSS: HIGH (7.6) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-49574 |
Description: Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.
CVSS: HIGH (8.3) EPSS Score: 0.39%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-49353 |
Description: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states, possibly resulting in a crash.
CVSS: HIGH (7.5) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-49060 |
Description: Azure Stack HCI Elevation of Privilege Vulnerability
CVSS: HIGH (8.8) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|