Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-38831
Local privilege escalation vulnerability (CVE-2024-38831)
Description: VMware Aria Operations contains a local privilege escalation vulnerability.  A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to  a root user on the appliance running VMware Aria Operations.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-38830
Local privilege escalation vulnerability
Description: VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-38255
SQL Server Native Client Remote Code Execution Vulnerability
Description: SQL Server Native Client Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.15%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-36254
Description: Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-36251
Description: The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-36249
Description: Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

CVSS: HIGH (7.4)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-11691
Description: Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-11664
eNMS TGZ File controller.py multiselect_filtering path traversal
Description: A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. Affected by this issue is the function multiselect_filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 22b0b443acca740fc83b5544165c1f53eff3f529. It is recommended to apply a patch to fix this issue. Eine kritische Schwachstelle wurde in eNMS bis 4.2 entdeckt. Es geht hierbei um die Funktion multiselect_filtering der Datei eNMS/controller.py der Komponente TGZ File Handler. Durch Manipulieren mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung. Der Patch wird als 22b0b443acca740fc83b5544165c1f53eff3f529 bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen.

CVSS: HIGH (8.7)

EPSS Score: 0.32%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-11622
Description: An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.

CVSS: HIGH (7.3)

EPSS Score: 0.09%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-11415
WP-Orphanage Extended <= 1.2 - Cross-Site Request Forgery to Orphan Account Privilege Escalation
Description: The WP-Orphanage Extended plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the wporphanageex_menu_settings() function. This makes it possible for unauthenticated attackers to escalate the privileges of all orphan accounts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (5 months ago)