CVE-2024-41776
Description: IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS: MEDIUM (6.5) | EPSS Score: 0.05%
December 4th, 2024 (5 months ago)

CVE-2024-41775
Description: IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS: MEDIUM (5.9) | EPSS Score: 0.09%
December 4th, 2024 (5 months ago)

CVE-2024-38496
Description: The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships.
CVSS: MEDIUM (5.1) | EPSS Score: 0.04%
December 4th, 2024 (5 months ago)

CVE-2024-38036
Description: There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim's browser.
CVSS: MEDIUM (5.4) | EPSS Score: 0.05%
December 4th, 2024 (5 months ago)

CVE-2024-37303
Description: Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated way. The implication is that unauthenticated remote adversaries can use this functionality to plant problematic content into the media repository. Synapse 1.106 introduces a partial mitigation in the form of new endpoints which require authentication for media downloads. The unauthenticated endpoints will be frozen in a future release, closing the attack vector.
CVSS: MEDIUM (5.3) | EPSS Score: 0.04%
December 4th, 2024 (5 months ago)

CVE-2024-25579
Description: OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with administrative privileges to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in the e-Mesh Starter Kit "WMC-2LX-B".
CVSS: MEDIUM (6.8) | EPSS Score: 0.04%
December 4th, 2024 (5 months ago)

CVE-2024-25036
Description: IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security, allowing users to circumvent restrictions imposed on input fields.
CVSS: MEDIUM (4.3) | EPSS Score: 0.04%
December 4th, 2024 (5 months ago)

CVE-2024-25035
Description: IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information about the application environment to conduct further attacks.
CVSS: MEDIUM (5.3) | EPSS Score: 0.05%
December 4th, 2024 (5 months ago)

CVE-2024-25020
Description: IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted file type attachments in the Journal entry page. Attackers can make use of this weakness to upload malicious executable files into the system, which can then be sent to victims for performing further attacks.
CVSS: MEDIUM (5.5) | EPSS Score: 0.09%
December 4th, 2024 (5 months ago)

CVE-2024-25019
Description: IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness to upload malicious executable files into the system, which can then be sent to victims for performing further attacks.
CVSS: MEDIUM (5.5) | EPSS Score: 0.09%
December 4th, 2024 (5 months ago)