CVE-2024-36987 |
Description: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|
CVE-2024-36986 |
Description: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace. The vulnerability requires the authenticated user to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
CVSS: MEDIUM (6.3) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|
CVE-2024-35270 |
Description: Windows iSCSI Service Denial of Service Vulnerability
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|
CVE-2024-34162 |
Description: The web interface of the affected devices is designed to hide the LDAP credentials even from administrative users. However, when LDAP authentication is configured as "SIMPLE", the device communicates with the LDAP server in clear text, and the LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-33616 |
Description: Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with administrative privileges. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide a firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-32732 |
Description: Under certain conditions, SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted. This has low impact on Confidentiality with no impact on Integrity and Availability of the application.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-30071 |
Description: Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVSS: MEDIUM (4.7) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|
CVE-2024-23677 |
Description: In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.
CVSS: MEDIUM (4.3) EPSS Score: 0.06%
December 11th, 2024 (4 months ago)
|
CVE-2024-23676 |
Description: In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit.
CVSS: MEDIUM (4.6) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|
CVE-2024-23675 |
Description: In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|