Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-49093
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
Description: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2024-49091
Windows Domain Name Service Remote Code Execution Vulnerability
Description: Windows Domain Name Service Remote Code Execution Vulnerability

CVSS: HIGH (7.2)

EPSS Score: 0.05%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2024-48912
GLPI vulnerable to authenticated insecure account deletion
Description: GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue.

CVSS: HIGH (7.2)

EPSS Score: 0.05%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2024-47975
Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access...
Description: Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service.

CVSS: HIGH (7.0)

EPSS Score: 0.04%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2024-47761
GLPI vulnerable to account takeover via the password reset feature
Description: GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2024-47760
GLPI vulnerable to account takeover via API
Description: GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2024-47758
GLPI vulnerable to account takeover without privilege escalation through the API
Description: GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2024-47615
GHSL-2024-117: GStreamer has an out-of-bounds write in Ogg demuxer
Description: GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.

CVSS: HIGH (8.6)

EPSS Score: 0.06%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2024-47613
GHSL-2024-118: GStreamer has a null pointer dereference in gst_gdk_pixbuf_dec_flush
Description: GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This vulnerability allows to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the GstAudioInfo info structure. This vulnerability is fixed in 1.24.10.

CVSS: HIGH (8.6)

EPSS Score: 0.06%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2024-47607
GHSL-2024-116: Stack-buffer overflow in gst_opus_dec_parse_header
Description: GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10.

CVSS: HIGH (8.6)

EPSS Score: 0.09%

Source: CVE
December 12th, 2024 (4 months ago)