CVE-2024-5011
Description: In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of service.
CVSS: HIGH (7.5) EPSS Score: 0.05%
December 3rd, 2024 (5 months ago)
CVE-2024-5010
Description: In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information.
CVSS: HIGH (7.5) EPSS Score: 0.06%
December 3rd, 2024 (5 months ago)
CVE-2024-49974
Description: In the Linux kernel, the following vulnerability has been resolved:
NFSD: Limit the number of concurrent async COPY operations

Nothing appears to limit the number of concurrent async COPY operations that clients can start. In addition, AFAICT each async COPY can copy an unlimited number of 4MB chunks, so can run for a long time. Thus IMO async COPY can become a DoS vector.

Add a restriction mechanism that bounds the number of concurrent background COPY operations. Start simple and try to be fair -- this patch implements a per-namespace limit.

An async COPY request that occurs while this limit is exceeded gets NFS4ERR_DELAY. The requesting client can choose to send the request again after a delay or fall back to a traditional read/write style copy.

If there is need to make the mechanism more sophisticated, we can visit that in future patches.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
CVE-2024-49763
Description: PlexRipper is a cross-platform media downloader for Plex. PlexRipper’s open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker’s domain. This allows an attacking website to access the /api/PlexAccount endpoint and steal the user’s Plex login. This vulnerability is fixed in 0.24.0.
CVSS: HIGH (8.7) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
CVE-2024-49581
Description: Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug. This could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise make data available across organizational boundaries, nor did it allow for data to be viewed or accessed by unauthenticated users.
The affected service has been patched and automatically deployed to all Apollo-managed Foundry instances.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
CVE-2024-49360
Description: Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An authenticated user (**UserA**) with no privileges is authorized to read all files created in sandboxes belonging to other users in the sandbox folders `C:\Sandbox\UserB\xxx`. An authenticated attacker who can use `explorer.exe` or `cmd.exe` outside any sandbox can read other users' files in `C:\Sandbox\xxx`. By default in Windows 7+, the `C:\Users\UserA` folder is not readable by **UserB**.
All files edited or created during the sandbox processing are affected by the vulnerability. All files in C:\Users are safe. If **UserB** runs a cmd in a sandbox, he will be able to access `C:\Sandbox\UserA`. In addition, if **UserB** creates a folder `C:\Sandbox\UserA` with malicious ACLs, when **UserA** later uses the sandbox, Sandboxie doesn't reset the ACLs. This issue has not yet been fixed. Users are advised to limit access to their systems using Sandboxie.
CVSS: CRITICAL (9.2) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
CVE-2024-46909
Description: In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account.
CVSS: CRITICAL (9.8) EPSS Score: 0.07%
December 3rd, 2024 (5 months ago)
CVE-2024-46908
Description: In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.
CVSS: HIGH (8.8) EPSS Score: 0.06%
December 3rd, 2024 (5 months ago)
CVE-2024-46907
Description: In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.
CVSS: HIGH (8.8) EPSS Score: 0.06%
December 3rd, 2024 (5 months ago)
CVE-2024-46906
Description: In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.
CVSS: HIGH (8.8) EPSS Score: 0.06%
December 3rd, 2024 (5 months ago)