CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-5462 |
Description: If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords is not enabled. An attacker can use these passwords to fetch values of the supported OIDs via SNMPv3 queries. There are also a limited number of MIB objects that can be modified.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|
|
CVE-2024-52895 |
Description: IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the database.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|
|
CVE-2024-52577 |
Description: In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server classpath and sends it to Ignite server endpoints. Deserialization of such a message by the Ignite server may result in the execution of arbitrary code on the Apache Ignite server side.
CVSS: CRITICAL (9.5) EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|
|
CVE-2024-52500 |
Description: Missing Authorization vulnerability in monetagwp Monetag Official Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Monetag Official Plugin: from n/a through 1.1.3.
CVSS: HIGH (7.2) EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|
|
CVE-2024-4282 |
Description: Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22.
CVSS: HIGH (8.2) EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|
|
CVE-2024-3220 |
Description: There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the incorrect file type.
This defect is caused by the default locations of Linux and macOS platforms (such as “/etc/mime.types”) also being used on Windows, where they are user-writable locations (“C:\etc\mime.types”).
To work-around this issue a user can call mimetypes.init() with an empty list (“[]”) on Windows platforms to avoid using the default list of known file locations.
CVSS: LOW (2.3) EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|
|
CVE-2024-31144 |
Description: For a brief summary of Xapi terminology, see:
https://xapi-project.github.io/xen-api/overview.html#object-model-overview
Xapi contains functionality to backup and restore metadata about Virtual
Machines and Storage Repositories (SRs).
The metadata itself is stored in a Virtual Disk Image (VDI) inside an
SR. This is used for two purposes; a general backup of metadata
(e.g. to recover from a host failure if the filer is still good), and
Portable SRs (e.g. using an external hard drive to move VMs to another
host).
Metadata is only restored as an explicit administrator action, but
occurs in cases where the host has no information about the SR, and must
locate the metadata VDI in order to retrieve the metadata.
The metadata VDI is located by searching (in UUID alphanumeric order)
each VDI, mounting it, and seeing if there is a suitable metadata file
present. The first matching VDI is deemed to be the metadata VDI, and
is restored from.
In the general case, the content of VDIs are controlled by the VM owner,
and should not be trusted by the host administrator.
A malicious guest can manipulate its disk to appear to be a metadata
backup.
A guest cannot choose the UUIDs of its VDIs, but a guest with one disk
has a 50% chance of sorting ahead of the legitimate metadata backup. A
guest with two disks has a 75% chance, etc.
EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|
|
CVE-2024-2240 |
Description: Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks.
CVSS: HIGH (8.6) EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|
|
CVE-2024-13791 |
Description: Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
CVSS: MEDIUM (4.9) EPSS Score: 0.06%
February 15th, 2025 (5 months ago)
|
|
CVE-2024-13735 |
Description: The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.11.2 due to insufficient input sanitization and output escaping of a campaign name. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
February 15th, 2025 (5 months ago)
|