CyberAlerts

CVE-2024-38832

Stored cross-site scripting vulnerability (CVE-2024-38832)

Description: VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-38831

Local privilege escalation vulnerability (CVE-2024-38831)

Description: VMware Aria Operations contains a local privilege escalation vulnerability.  A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to  a root user on the appliance running VMware Aria Operations.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-38830

Local privilege escalation vulnerability

Description: VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-38264

Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability

Description: Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability

CVSS: MEDIUM (5.9)

EPSS Score: 0.07%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-38255

SQL Server Native Client Remote Code Execution Vulnerability

Description: SQL Server Native Client Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.15%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-38203

Windows Package Library Manager Information Disclosure Vulnerability

Description: Windows Package Library Manager Information Disclosure Vulnerability

CVSS: MEDIUM (6.2)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-36463

Description: The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-36254

Description: Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-36251

Description: The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-36249

Description: Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

CVSS: HIGH (7.4)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (6 months ago)

Threat and Vulnerability Intelligence Database

Example Searches: