CyberAlerts

CVE-2024-39702

Description: In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service with relatively few incoming requests. This vulnerability only exists in the OpenResty fork in the openresty/luajit2 GitHub repository. The LuaJIT/LuaJIT repository. is unaffected.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-39607

Description: OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command.

CVSS: MEDIUM (6.8)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-39281

Unbounded allocation in ctl(4) CAM Target Layer

Description: The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-38834

Stored cross-site scripting vulnerability (CVE-2024-38834)

Description: VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-38833

Stored cross-site scripting vulnerability (CVE-2024-38833)

Description: VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

CVSS: MEDIUM (6.8)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-38832

Stored cross-site scripting vulnerability (CVE-2024-38832)

Description: VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-38831

Local privilege escalation vulnerability (CVE-2024-38831)

Description: VMware Aria Operations contains a local privilege escalation vulnerability.  A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to  a root user on the appliance running VMware Aria Operations.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-38830

Local privilege escalation vulnerability

Description: VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-38264

Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability

Description: Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability

CVSS: MEDIUM (5.9)

EPSS Score: 0.07%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-38255

SQL Server Native Client Remote Code Execution Vulnerability

Description: SQL Server Native Client Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.15%

Source: CVE

November 27th, 2024 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches: