Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-46625 |
Description: An authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint of InfoDom Performa 365 v4.0.1 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-46624 |
Description: An issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers to elevate their privileges to Administrator via a crafted payload sent to /api/users.
EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-45842 |
Description: Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability.
Unintended internal files may be retrieved when processing crafted HTTP requests.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-45757 |
Description: An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, and 22.10. SQL injection can occur in the user-settings form. Exploitation is only accessible to authenticated users with high-privileged access.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-45676 |
Description: IBM Cognos Controller 11.0.0 and 11.0.1
could allow an authenticated user to upload insecure files, due to insufficient file type distinction.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-45106 |
Description: Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other user. This is only possible if:
* ozone.s3g.secret.http.enabled is set to true. The default value of this configuration is false.
* The user configured in ozone.s3g.kerberos.principal is also configured in ozone.s3.administrators or ozone.administrators.
Users are recommended to upgrade to Apache Ozone version 1.4.1 which disables the affected endpoint.
EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-45068 |
Description: Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA.
This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-44759 |
Description: An arbitrary file download vulnerability in the component /Doc/DownloadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-42422 |
Description: Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
CVSS: HIGH (8.3) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-41777 |
Description: IBM Cognos Controller 11.0.0 and 11.0.1
contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVSS: HIGH (7.5) EPSS Score: 0.09%
December 4th, 2024 (5 months ago)
|