CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2025-1882

Description: A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been rated as critical. Affected by this issue is some unknown functionality of the component Device Setting Handler. The manipulation leads to improper access control for register interface. The attack needs to be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life. Eine kritische Schwachstelle wurde in i-Drive i11 and i12 bis 20250227 ausgemacht. Es geht hierbei um eine nicht näher spezifizierte Funktion der Komponente Device Setting Handler. Durch Manipulieren mit unbekannten Daten kann eine improper access control for register interface-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk angegangen werden. Die Komplexität eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar.

CVSS: LOW (2.3)

EPSS Score: 0.02%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2024-55064

Description: Multiple cross-site scripting (XSS) vulnerabilities in EasyVirt DC NetScope <= 8.6.4 allow remote attackers to inject arbitrary JavaScript or HTML code via the (1) smtp_server, (2) smtp_account, (3) smtp_password, or (4) email_recipients parameter to /smtp/update; the (5) ntp or (6) dns parameter to /proxy/ntp/change; the (7) newVcenterAddress parameter to /process_new_vcenter.

EPSS Score: 0.03%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-1881

Description: A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Video Footage/Live Video Stream. The manipulation leads to improper access controls. The attack can be launched remotely. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life. In i-Drive i11 and i12 bis 20250227 wurde eine problematische Schwachstelle ausgemacht. Es geht um eine nicht näher bekannte Funktion der Komponente Video Footage/Live Video Stream. Durch das Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-1880

Description: A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been classified as problematic. Affected is an unknown function of the component Device Pairing. The manipulation leads to authentication bypass by primary weakness. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitability is told to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life. Es wurde eine problematische Schwachstelle in i-Drive i11 and i12 bis 20250227 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Komponente Device Pairing. Mittels Manipulieren mit unbekannten Daten kann eine authentication bypass by primary weakness-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Die Komplexität eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen.

CVSS: LOW (1.0)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-1841

Description: A vulnerability classified as critical has been found in ESAFENET CDG 5.6.3.154.205. This affects an unknown part of the file /CDGServer3/logManagement/ClientSortLog.jsp. The manipulation of the argument startDate/endDate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine Schwachstelle in ESAFENET CDG 5.6.3.154.205 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /CDGServer3/logManagement/ClientSortLog.jsp. Durch das Manipulieren des Arguments startDate/endDate mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.9)

EPSS Score: 0.05%

SSVC Exploitation: poc

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2024-51966

Description: There is a path traversal vulnerability in ESRI ArcGIS Server versions 10.9.1 thru 11.3. Successful exploitation may allow a remote authenticated attacker with admin privileges to traverse the file system to access files outside of the intended directory. There is no impact to integrity or availability due to the nature of the files that can be accessed, but there is a potential high impact to confidentiality.

CVSS: MEDIUM (4.9)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2024-51963

Description: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability.

CVSS: MEDIUM (4.8)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2024-51962

Description: A SQL injection vulnerability in ArcGIS Server allows an EDIT operation to modify Column properties allowing for the execution of a SQL Injection by a remote authenticated user with elevated (non admin) privileges.  There is a high impact to integrity and confidentiality and no impact to availability.

CVSS: HIGH (8.7)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2024-51961

Description: There is a local file inclusion vulnerability in ArcGIS Server 10.9.1 thru 11.3 that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files from the remote server.  Due to the nature of the files accessible in this vulnerability the impact to confidentiality is High there is no impact to both integrity or availability.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2024-51960

Description: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability.

CVSS: MEDIUM (4.8)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
March 3rd, 2025 (4 months ago)