Search Results (363531 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-29068 1 Canonical 1 Snapd 2024-11-21 5.8 Medium
In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files (such as pipes or sockets etc). Various file entries within the snap squashfs image (such as icons etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained non-regular files at these paths could then cause snapd to block indefinitely trying to read from such files and cause a denial of service.
CVE-2024-29004 1 Solarwinds 1 Solarwinds Platform 2024-11-21 7.1 High
The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability.
CVE-2024-28999 1 Solarwinds 1 Solarwinds Platform 2024-11-21 6.4 Medium
The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console.
CVE-2024-28996 1 Solarwinds 1 Solarwinds Platform 2024-11-21 7.5 High
The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability.  
CVE-2024-28993 1 Solarwinds 1 Access Rights Manager 2024-11-21 7.6 High
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.
CVE-2024-28992 1 Solarwinds 1 Access Rights Manager 2024-11-21 7.6 High
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.
CVE-2024-28984 1 Hitachi 1 Pentaho Business Analytics Server 2024-11-21 8.8 High
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface.
CVE-2024-28982 1 Hitachi 1 Pentaho Business Analytics Server 2024-11-21 7.1 High
Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.
CVE-2024-28979 1 Dell 1 Openmanage Enterprise 2024-11-21 5.1 Medium
Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
CVE-2024-28978 1 Dell 1 Openmanage Enterprise 2024-11-21 5.2 Medium
Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability. A high privileged remote attacker could potentially exploit this vulnerability, leading to unauthorized access to resources.
CVE-2024-28970 1 Dell 28 G7 7500, G7 7500 Firmware, G7 7700 and 25 more 2024-11-21 4.7 Medium
Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service.
CVE-2024-28969 1 Dell 1 Secure Connect Gateway 2024-11-21 4.3 Medium
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources.
CVE-2024-28968 1 Dell 1 Secure Connect Gateway 2024-11-21 5.4 Medium
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.
CVE-2024-28967 1 Dell 1 Secure Connect Gateway 2024-11-21 5.4 Medium
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.
CVE-2024-28966 1 Dell 1 Secure Connect Gateway 2024-11-21 5.4 Medium
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.
CVE-2024-28965 1 Dell 1 Secure Connect Gateway 2024-11-21 5.4 Medium
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.
CVE-2024-28964 1 Dell 1 Common Event Enabler 2024-11-21 7.8 High
Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. Exploitation of this issue requires a victim to open a malicious file.
CVE-2024-28833 1 Checkmk 1 Checkmk 2024-11-21 5.9 Medium
Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms.
CVE-2024-28828 1 Checkmk 1 Checkmk 2024-11-21 8.8 High
Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site.
CVE-2024-28798 1 Ibm 1 Infosphere Information Server 2024-11-21 7.2 High
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287172.