Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2024-04-16 CVE-2024-21111 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).
local
low complexity
7.8
2024-04-16 CVE-2024-21113 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).
local
low complexity
8.8
2024-04-16 CVE-2024-21114 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).
local
low complexity
8.8
2024-04-16 CVE-2024-21115 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).
local
low complexity
8.8
2024-04-16 CVE-2024-21116 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).
local
low complexity
7.8
2024-04-15 CVE-2023-4855 A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute unauthorized commands via IPMI.
network
low complexity
7.2
2024-04-15 CVE-2023-4856 A format string vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute arbitrary commands on a specific API endpoint.
network
low complexity
8.8
2024-04-15 CVE-2023-4857 An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute certain IPMI calls that could lead to exposure of limited system information.
network
low complexity
7.5
2024-04-15 CVE-2024-2659 A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function.
network
low complexity
7.2
2024-04-15 CVE-2024-3778 The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing malicious code.
network
low complexity
CWE-434
7.2