CVE-2017-3506

Known exploited
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
Source: Oracle
Max CVSS
7.4
EPSS Score
86.86%
Published
2017-04-24
Updated
2024-06-07
CISA KEV Added
2024-06-03

CVE-2024-24919

Known exploited
Public exploit
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
Source: Check Point Software Technologies Ltd.
Max CVSS
8.6
EPSS Score
94.50%
Published
2024-05-28
Updated
2024-05-31
CISA KEV Added
2024-05-30

CVE-2024-1086

Known exploited
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Source: Google Inc.
Max CVSS
7.8
EPSS Score
1.09%
Published
2024-01-31
Updated
2024-06-14
CISA KEV Added
2024-05-30

CVE-2024-4978

Known exploited
Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute unauthorized PowerShell commands.
Source: Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
Max CVSS
8.4
EPSS Score
2.83%
Published
2024-05-23
Updated
2024-05-31
CISA KEV Added
2024-05-29

CVE-2024-5274

Known exploited
Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source: Chrome
Max CVSS
8.8
EPSS Score
0.30%
Published
2024-05-28
Updated
2024-06-10
CISA KEV Added
2024-05-28

CVE-2020-17519

Known exploited
Public exploit
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.
Source: Apache Software Foundation
Max CVSS
7.5
EPSS Score
97.23%
Published
2021-01-05
Updated
2024-06-10
CISA KEV Added
2024-05-23

CVE-2024-4947

Known exploited
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source: Chrome
Max CVSS
8.8
EPSS Score
0.23%
Published
2024-05-15
Updated
2024-06-10
CISA KEV Added
2024-05-20

CVE-2023-43208

Known exploited
Public exploit
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.
Source: MITRE
Max CVSS
9.8
EPSS Score
95.98%
Published
2023-10-26
Updated
2024-05-23
CISA KEV Added
2024-05-20

CVE-2024-4761

Known exploited
Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Source: Chrome
Max CVSS
8.8
EPSS Score
0.27%
Published
2024-05-14
Updated
2024-06-10
CISA KEV Added
2024-05-16

CVE-2021-40655

Known exploited
An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version: 2.01MT. An attacker can obtain a user name and password by forging a POST request to the /getcfg.php page.
Source: MITRE
Max CVSS
7.5
EPSS Score
8.62%
Published
2021-09-24
Updated
2024-05-18
CISA KEV Added
2024-05-16

CVE-2014-100005

Known exploited
Public exploit
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.
Source: MITRE
Max CVSS
6.8
EPSS Score
86.06%
Published
2015-01-13
Updated
2024-05-18
CISA KEV Added
2024-05-16

CVE-2024-30051

Known exploited
Windows DWM Core Library Elevation of Privilege Vulnerability
Source: Microsoft Corporation
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-05-14
Updated
2024-05-16
CISA KEV Added
2024-05-14

CVE-2024-30040

Known exploited
Windows MSHTML Platform Security Feature Bypass Vulnerability
Source: Microsoft Corporation
Max CVSS
8.8
EPSS Score
0.75%
Published
2024-05-14
Updated
2024-05-16
CISA KEV Added
2024-05-14

CVE-2024-4671

Known exploited
Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Source: Chrome
Max CVSS
9.6
EPSS Score
0.10%
Published
2024-05-09
Updated
2024-06-10
CISA KEV Added
2024-05-13