CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-38831	Local privilege escalation vulnerability (CVE-2024-38831) Description: VMware Aria Operations contains a local privilege escalation vulnerability.  A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to  a root user on the appliance running VMware Aria Operations. CVSS: HIGH (7.8) EPSS Score: 0.04% Source: CVE November 27th, 2024 (7 months ago)
CVE-2024-38830	Local privilege escalation vulnerability Description: VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations. CVSS: HIGH (7.8) EPSS Score: 0.04% Source: CVE November 27th, 2024 (7 months ago)
CVE-2024-38264	Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability Description: Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability CVSS: MEDIUM (5.9) EPSS Score: 0.07% Source: CVE November 27th, 2024 (7 months ago)
CVE-2024-38255	SQL Server Native Client Remote Code Execution Vulnerability Description: SQL Server Native Client Remote Code Execution Vulnerability CVSS: HIGH (8.8) EPSS Score: 0.15% Source: CVE November 27th, 2024 (7 months ago)
CVE-2024-38203	Windows Package Library Manager Information Disclosure Vulnerability Description: Windows Package Library Manager Information Disclosure Vulnerability CVSS: MEDIUM (6.2) EPSS Score: 0.05% Source: CVE November 27th, 2024 (7 months ago)
CVE-2024-36463	Description: The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE November 27th, 2024 (7 months ago)
CVE-2024-36254	Description: Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition. CVSS: HIGH (7.5) EPSS Score: 0.05% Source: CVE November 27th, 2024 (7 months ago)
CVE-2024-36251	Description: The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. CVSS: HIGH (7.5) EPSS Score: 0.04% Source: CVE November 27th, 2024 (7 months ago)
CVE-2024-36249	Description: Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. CVSS: HIGH (7.4) EPSS Score: 0.05% Source: CVE November 27th, 2024 (7 months ago)
CVE-2024-35244	Description: There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. CVSS: CRITICAL (9.1) EPSS Score: 0.04% Source: CVE November 27th, 2024 (7 months ago)