CyberAlerts

CVE-2024-30081

Windows NTLM Spoofing Vulnerability

Description: Windows NTLM Spoofing Vulnerability

CVSS: HIGH (7.1)

EPSS Score: 0.35%

Source: CVE

December 11th, 2024 (5 months ago)

CVE-2024-30079

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Description: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE

December 11th, 2024 (5 months ago)

CVE-2024-30071

Windows Remote Access Connection Manager Information Disclosure Vulnerability

Description: Windows Remote Access Connection Manager Information Disclosure Vulnerability

CVSS: MEDIUM (4.7)

EPSS Score: 0.05%

Source: CVE

December 11th, 2024 (5 months ago)

CVE-2024-30061

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

Description: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

CVSS: HIGH (7.3)

EPSS Score: 0.05%

Source: CVE

December 11th, 2024 (5 months ago)

CVE-2024-29945

Splunk Authentication Token Exposure in Debug Log in Splunk Enterprise

Description: In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at the DEBUG logging level.

CVSS: HIGH (7.2)

EPSS Score: 0.05%

Source: CVE

December 11th, 2024 (5 months ago)

CVE-2024-28928

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE

December 11th, 2024 (5 months ago)

CVE-2024-28899

Secure Boot Security Feature Bypass Vulnerability

Description: Secure Boot Security Feature Bypass Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE

December 11th, 2024 (5 months ago)

CVE-2024-28166

Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform

Description: SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application.

CVSS: LOW (3.7)

EPSS Score: 0.05%

Source: CVE

December 11th, 2024 (5 months ago)

CVE-2024-28138

OS Command Injection

Description: An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msg_events.php" script as the www-data user. The HTTP GET parameter "data" is not properly sanitized.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 11th, 2024 (5 months ago)

CVE-2024-28038

The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long...

Description: The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

CVSS: CRITICAL (9.0)

EPSS Score: 0.04%

Source: CVE

December 11th, 2024 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-30081	Windows NTLM Spoofing Vulnerability Description: Windows NTLM Spoofing Vulnerability CVSS: HIGH (7.1) EPSS Score: 0.35% Source: CVE December 11th, 2024 (5 months ago)
CVE-2024-30079	Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Description: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability CVSS: HIGH (7.8) EPSS Score: 0.05% Source: CVE December 11th, 2024 (5 months ago)
CVE-2024-30071	Windows Remote Access Connection Manager Information Disclosure Vulnerability Description: Windows Remote Access Connection Manager Information Disclosure Vulnerability CVSS: MEDIUM (4.7) EPSS Score: 0.05% Source: CVE December 11th, 2024 (5 months ago)
CVE-2024-30061	Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability Description: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability CVSS: HIGH (7.3) EPSS Score: 0.05% Source: CVE December 11th, 2024 (5 months ago)
CVE-2024-29945	Splunk Authentication Token Exposure in Debug Log in Splunk Enterprise Description: In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at the DEBUG logging level. CVSS: HIGH (7.2) EPSS Score: 0.05% Source: CVE December 11th, 2024 (5 months ago)
CVE-2024-28928	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability CVSS: HIGH (8.8) EPSS Score: 0.05% Source: CVE December 11th, 2024 (5 months ago)
CVE-2024-28899	Secure Boot Security Feature Bypass Vulnerability Description: Secure Boot Security Feature Bypass Vulnerability CVSS: HIGH (8.8) EPSS Score: 0.05% Source: CVE December 11th, 2024 (5 months ago)
CVE-2024-28166	Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform Description: SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. CVSS: LOW (3.7) EPSS Score: 0.05% Source: CVE December 11th, 2024 (5 months ago)
CVE-2024-28138	OS Command Injection Description: An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msg_events.php" script as the www-data user. The HTTP GET parameter "data" is not properly sanitized. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 11th, 2024 (5 months ago)
CVE-2024-28038	The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long... Description: The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. CVSS: CRITICAL (9.0) EPSS Score: 0.04% Source: CVE December 11th, 2024 (5 months ago)