Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-28038 |
Description: The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: CRITICAL (9.0) EPSS Score: 0.04%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-11705 |
Description: `NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` to be NULL for certain mechanisms. This vulnerability affects Firefox < 133 and Thunderbird < 133.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-11704 |
Description: A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133 and Thunderbird < 133.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-11698 |
Description: A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted.
*This bug only affects the application when running on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
November 27th, 2024 (6 months ago)
|
|
CVE-2023-2834 |
Description: The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-53915 |
Description: An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
CVSS: CRITICAL (9.8) EPSS Score: 0.07%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-53914 |
Description: An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
CVSS: CRITICAL (9.8) EPSS Score: 0.07%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-53913 |
Description: An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
CVSS: CRITICAL (9.8) EPSS Score: 0.07%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-53912 |
Description: An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24341. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
CVSS: CRITICAL (9.8) EPSS Score: 0.07%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-53911 |
Description: An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24339. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
CVSS: CRITICAL (9.8) EPSS Score: 0.07%
November 27th, 2024 (6 months ago)
|