Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-25579 |
Description: OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".
CVSS: MEDIUM (6.8) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-25036 |
Description: IBM Cognos Controller 11.0.0 and 11.0.1
could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-25035 |
Description: IBM Cognos Controller 11.0.0 and 11.0.1
exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-25020 |
Description: IBM Cognos Controller 11.0.0 and 11.0.1
is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the system and can be sent to victims for performing further attacks.
CVSS: MEDIUM (5.5) EPSS Score: 0.09%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-25019 |
Description: IBM Cognos Controller 11.0.0 and 11.0.1
could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks.
CVSS: MEDIUM (5.5) EPSS Score: 0.09%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-21065 |
Description: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
CVSS: MEDIUM (6.1) EPSS Score: 0.06%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-21063 |
Description: Vulnerability in the PeopleSoft Enterprise HCM Benefits Administration product of Oracle PeopleSoft (component: Benefits Administration). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise HCM Benefits Administration executes to compromise PeopleSoft Enterprise HCM Benefits Administration. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Benefits Administration accessible data as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Benefits Administration accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise HCM Benefits Administration. CVSS 3.1 Base Score 6.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L).
CVSS: MEDIUM (6.1) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-21052 |
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS: MEDIUM (4.9) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-21044 |
Description: Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
CVSS: MEDIUM (6.1) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-21032 |
Description: Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
CVSS: MEDIUM (6.1) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|