CyberAlerts

CVE-2024-50054

Description: The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-49597

Description: Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-49596

Description: Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion

CVSS: MEDIUM (5.9)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-49595

Description: Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by Capture-replay vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-49574

SQL Injection

Description: Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.

CVSS: HIGH (8.3)

EPSS Score: 0.39%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-49353

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data denial of service

Description: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states, possibly resulting in a crash.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-49351

IBM Workload Scheduler information disclosure

Description: IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user.

CVSS: MEDIUM (5.5)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-49060

Azure Stack HCI Elevation of Privilege Vulnerability

Description: Azure Stack HCI Elevation of Privilege Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-49056

Airlift.microsoft.com Elevation of Privilege Vulnerability

Description: Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network.

CVSS: HIGH (7.3)

EPSS Score: 0.07%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-49054

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (6 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-50054	mySCADA myPRO Path Traversal Description: The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system. CVSS: HIGH (7.5) EPSS Score: 0.04% Source: CVE November 27th, 2024 (6 months ago)
CVE-2024-49597	Description: Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. CVSS: HIGH (7.6) EPSS Score: 0.04% Source: CVE November 27th, 2024 (6 months ago)
CVE-2024-49596	Description: Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion CVSS: MEDIUM (5.9) EPSS Score: 0.04% Source: CVE November 27th, 2024 (6 months ago)
CVE-2024-49595	Description: Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by Capture-replay vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service. CVSS: HIGH (7.6) EPSS Score: 0.04% Source: CVE November 27th, 2024 (6 months ago)
CVE-2024-49574	SQL Injection Description: Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module. CVSS: HIGH (8.3) EPSS Score: 0.39% Source: CVE November 27th, 2024 (6 months ago)
CVE-2024-49353	IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data denial of service Description: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states, possibly resulting in a crash. CVSS: HIGH (7.5) EPSS Score: 0.04% Source: CVE November 27th, 2024 (6 months ago)
CVE-2024-49351	IBM Workload Scheduler information disclosure Description: IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user. CVSS: MEDIUM (5.5) EPSS Score: 0.04% Source: CVE November 27th, 2024 (6 months ago)
CVE-2024-49060	Azure Stack HCI Elevation of Privilege Vulnerability Description: Azure Stack HCI Elevation of Privilege Vulnerability CVSS: HIGH (8.8) EPSS Score: 0.05% Source: CVE November 27th, 2024 (6 months ago)
CVE-2024-49056	Airlift.microsoft.com Elevation of Privilege Vulnerability Description: Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network. CVSS: HIGH (7.3) EPSS Score: 0.07% Source: CVE November 27th, 2024 (6 months ago)
CVE-2024-49054	Microsoft Edge (Chromium-based) Spoofing Vulnerability Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability CVSS: MEDIUM (4.3) EPSS Score: 0.05% Source: CVE November 27th, 2024 (6 months ago)