| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-45739 | Sensitive information disclosure in AdminManager logging channel | Splunk | Splunk Enterprise | Medium | 4.9 | 2024-10-14 17:03:39 | Deep Dive |
| CVE-2024-45738 | Sensitive information disclosure in REST_Calls logging channel | Splunk | Splunk Enterprise | Medium | 4.9 | 2024-10-14 17:03:38 | Deep Dive |
| CVE-2024-45737 | Maintenance mode state change of App Key Value Store (KVStore) through Cross-Site Request Forgery (CSRF) | Splunk | Splunk Enterprise | Medium | 4.3 | 2024-10-14 17:03:37 | Deep Dive |
| CVE-2024-45733 | Remote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on Windows | Splunk | Splunk Enterprise | High | 8.8 | 2024-10-14 17:03:36 | Deep Dive |
| CVE-2024-45732 | Low-privileged user could run search as nobody in SplunkDeploymentServerConfig app | Splunk | Splunk Enterprise | High | 7.1 | 2024-10-14 17:03:36 | Deep Dive |
| CVE-2024-45736 | Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon | Splunk | Splunk Enterprise | Medium | 6.5 | 2024-10-14 17:03:35 | Deep Dive |
| CVE-2024-45741 | Persistent Cross-Site Scripting (XSS) via props.conf on Splunk Enterprise | Splunk | Splunk Enterprise | Medium | 5.4 | 2024-10-14 17:03:34 | Deep Dive |
| CVE-2024-45734 | Low Privilege User can View Images on the Host Machine by using the PDF Export feature in Splunk Classic Dashboard | Splunk | Splunk Enterprise | Medium | 4.3 | 2024-10-14 17:03:30 | Deep Dive |
| CVE-2024-45740 | Persistent Cross-Site Scripting (XSS) through Scheduled Views on Splunk Enterprise | Splunk | Splunk Enterprise | Medium | 5.4 | 2024-10-14 17:03:29 | Deep Dive |
| CVE-2024-45731 | Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root directory when Splunk Enterprise for Windows is installed on a separate disk | Splunk | Splunk Enterprise | High | 8.0 | 2024-10-14 16:46:02 | Deep Dive |
| CVE-2024-45735 | Improper Access Control for low-privileged user in Splunk Secure Gateway App | Splunk | Splunk Enterprise | Medium | 4.3 | 2024-10-14 16:45:55 | Deep Dive |
| CVE-2024-9539 | GitHub Enterprise Server security vulnerability | GitHub | GitHub Enterprise Server | - | - | 2024-10-11 17:52:35 | Deep Dive |
| CVE-2024-9487 | An Improper Verification of Cryptographic Signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed when the encrypted assertions feature was enabled | GitHub | Enterprise Server | - | - | 2024-10-10 21:08:49 | Deep Dive |
| CVE-2024-9180 | Vault Operators in Root Namespace May Elevate Their Privileges | HashiCorp | Vault | High | 7.2 | 2024-10-10 20:54:57 | Deep Dive |
| CVE-2024-8264 | Sensitive information in agent log file when detailed logging is enabled with Robot Schedule Enterprise prior to version 3.05 | Fortra | Robot Schedule Enterprise | Medium | 5.5 | 2024-10-09 22:44:35 | Deep Dive |
| CVE-2024-3656 | Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities | - | - | High | 8.1 | 2024-10-09 18:59:11 | Deep Dive |
| CVE-2024-9675 | Buildah: buildah allows arbitrary directory mount | - | - | High | 7.8 | 2024-10-09 14:32:12 | Deep Dive |
| CVE-2024-43616 | Microsoft Office Remote Code Execution Vulnerability | Microsoft | Microsoft Office 2019 | High | 7.8 | 2024-10-08 17:35:37 | Deep Dive |
| CVE-2024-43609 | Microsoft Office Spoofing Vulnerability | Microsoft | Microsoft Office LTSC 2024 | Medium | 6.5 | 2024-10-08 17:35:35 | Deep Dive |
| CVE-2024-43576 | Microsoft Office Remote Code Execution Vulnerability | Microsoft | Microsoft 365 Apps for Enterprise | High | 7.8 | 2024-10-08 17:35:32 | Deep Dive |