CyberAlerts

CVE-2024-38834

Stored cross-site scripting vulnerability (CVE-2024-38834)

Description: VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-38833

Stored cross-site scripting vulnerability (CVE-2024-38833)

Description: VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

CVSS: MEDIUM (6.8)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-38832

Stored cross-site scripting vulnerability (CVE-2024-38832)

Description: VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-38831

Local privilege escalation vulnerability (CVE-2024-38831)

Description: VMware Aria Operations contains a local privilege escalation vulnerability.  A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to  a root user on the appliance running VMware Aria Operations.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-38830

Local privilege escalation vulnerability

Description: VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-38264

Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability

Description: Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability

CVSS: MEDIUM (5.9)

EPSS Score: 0.07%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-38255

SQL Server Native Client Remote Code Execution Vulnerability

Description: SQL Server Native Client Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.15%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-38203

Windows Package Library Manager Information Disclosure Vulnerability

Description: Windows Package Library Manager Information Disclosure Vulnerability

CVSS: MEDIUM (6.2)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-36463

Description: The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-36254

Description: Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches: