CyberAlerts

CVE-2024-51766

HPE NonStop DISK UTIL, Local Denial of Service vulnerability

Description: A potential security vulnerability has been identified in the HPE NonStop DISK UTIL (T9208) product. This vulnerability could be exploited to cause a denial of service (DoS) to NonStop server. It exists in all prior DISK UTIL product versions of L-series and J-series.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-51566

bhyve(8) NVMe driver to guest-induced infinite loops.

Description: The NVMe driver queue processing is vulernable to guest-induced infinite loops.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-51565

bhyve(8) hda driver buffer over-read

Description: The hda driver is vulnerable to a buffer over-read from a guest-controlled value.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-51563

bhyve(8) virtio_vq_recordon time-of-check to time-of-use race

Description: The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-51562

bhyve(8) nvme_opc_get_log_page buffer over-read

Description: The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over-read from a guest-controlled value.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-51072

Description: An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to cause a Denial of Service (DoS) via ECU reset UDS service.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-51058

Description: Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially exposing sensitive information.

CVSS: MEDIUM (6.2)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-50377

Description: A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability is associated to the backup configuration functionality that by default encrypts the archives using a static password.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-49596

Description: Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion

CVSS: MEDIUM (5.9)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-49351

IBM Workload Scheduler information disclosure

Description: IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user.

CVSS: MEDIUM (5.5)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches: