Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-1783 |
Description: OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF.
CVSS: MEDIUM (6.5) EPSS Score: 0.11%
November 28th, 2024 (6 months ago)
|
|
CVE-2023-0003 |
Description: A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.
CVSS: MEDIUM (6.5) EPSS Score: 0.12%
November 28th, 2024 (6 months ago)
|
|
CVE-2024-53426 |
|
|
CVE-2024-43451 |
Description: NTLM Hash Disclosure Spoofing Vulnerability
CVSS: MEDIUM (6.5) EPSS Score: 1.33%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-43449 |
Description: Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVSS: MEDIUM (6.8) EPSS Score: 0.05%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-42412 |
Description: Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.
CVSS: MEDIUM (6.1) EPSS Score: 0.05%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-34162 |
Description: The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-32151 |
Description: User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-29978 |
Description: User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-29146 |
Description: User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
November 27th, 2024 (6 months ago)
|