Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-12-18 CVE-2024-47480 Link Following vulnerability in Dell Inventory Collector 12.3.0.6
Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability.
local
low complexity
dell CWE-59
7.8
2024-12-17 CVE-2024-10973 A vulnerability was found in Keycloak.
low complexity
CWE-319
5.7
2024-12-17 CVE-2024-9779 A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments.
network
high complexity
CWE-501
7.5
2024-12-17 CVE-2023-37940 Cross-site Scripting vulnerability in Liferay Portal
Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field.
network
low complexity
liferay CWE-79
4.8
2024-12-17 CVE-2024-11993 Unspecified vulnerability in Liferay Portal
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field
network
low complexity
liferay
6.1
2024-12-17 CVE-2024-12539 Incorrect Authorization vulnerability in Elastic Elasticsearch 8.16.0/8.16.1
An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow.
network
low complexity
elastic CWE-863
6.5
2024-12-17 CVE-2024-49816 Information Exposure Through Log Files vulnerability in IBM Security Guardium KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.
local
low complexity
ibm CWE-532
4.4
2024-12-17 CVE-2024-49817 Insufficiently Protected Credentials vulnerability in IBM Security Guardium KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user.
local
low complexity
ibm CWE-522
4.4
2024-12-17 CVE-2024-49818 Information Exposure Through an Error Message vulnerability in IBM Security Guardium KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
4.3
2024-12-17 CVE-2024-49819 Cleartext Transmission of Sensitive Information vulnerability in IBM Security Guardium KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.
network
low complexity
ibm CWE-319
7.5