Security Vulnerabilities - CVEs Published In December 2024
Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of Privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-12-09
Dell PowerScale OneFS Versions 8.2.2.x through 9.8.0.x contain an improper resource unlocking vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service.
CVSS Score
6.5
EPSS Score
0.006
Published
2024-12-09
Dell PowerScale OneFS Versions 8.2.2.x through 9.9.0.x contain an incorrect specified argument vulnerability. A remote low privileged legitimate user could potentially exploit this vulnerability, leading to information disclosure.
CVSS Score
4.3
EPSS Score
0.003
Published
2024-12-09
Dell PowerScale OneFS Versions 9.5.0.x through 9.8.0.x contain an uncontrolled resource consumption vulnerability. A low privilege remote attacker could potentially exploit this vulnerability, leading to denial of service.
CVSS Score
4.3
EPSS Score
0.006
Published
2024-12-09
Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. A remote low-privileged attacker could potentially exploit this vulnerability to trigger redirections that leads to sensitive information leakage.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-12-09
Motoko's incremental garbage collector is impacted by an uninitialized memory access bug, caused by incorrect use of write barriers in a few locations. This vulnerability could potentially allow unauthorized read or write access to a Canister's memory. However, exploiting this bug requires the Canister to enable the incremental garbage collector or enhanced orthogonal persistence, which are non-default features in Motoko.
CVSS Score
5.6
EPSS Score
0.002
Published
2024-12-09
A maliciously crafted FBX file, when parsed through Autodesk FBX SDK, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS Score
4.4
EPSS Score
0.002
Published
2024-12-09
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
CVSS Score
5.4
EPSS Score
0.004
Published
2024-12-09
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.
CVSS Score
5.3
EPSS Score
0.004
Published
2024-12-09
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Adnan Analytify wp-analytify.This issue affects Analytify: from n/a through <= 5.4.3.
CVSS Score
6.5
EPSS Score
0.008
Published
2024-12-09