CVE-2024-49035 |
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities in question are as follows -
CVE-2024-49035 (CVSS score: 8.7) - An improper access control
CVSS: HIGH (8.7)
February 26th, 2025 (5 months ago)
|
CVE-2025-22881 |
Description: Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS: HIGH (8.4) EPSS Score: 0.02%
February 26th, 2025 (5 months ago)
|
CVE-2025-0889 |
Description: Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.
CVSS: HIGH (7.2) EPSS Score: 0.01%
February 26th, 2025 (5 months ago)
|
CVE-2025-0514 |
Description: Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation.This issue affects LibreOffice: from 24.8 before < 24.8.5.
CVSS: HIGH (7.2) EPSS Score: 0.04% SSVC Exploitation: none
February 25th, 2025 (5 months ago)
|
CVE-2025-27148 |
Description: Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. Gradle builds that rely on versions of net.rubygrapefruit:native-platform prior to 0.22-milestone-28 could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory.
In net.rubygrapefruit:native-platform prior to version 0.22-milestone-28, if the `Native.get(Class<>)` method was called, without calling `Native.init(File)` first, with a non-`null` argument used as working file path, then the library would initialize itself using the system temporary directory and NativeLibraryLocator.java lines 68 through 78. Version 0.22-milestone-28 has been released with changes that fix the problem. Initialization is now mandatory and no longer uses the system temporary directory, unless such a path is passed for initialization. The only workaround for affected versions is to make sure to do a proper initialization, using a location that is safe.
Gradle 8.12, only that exact version, had codepaths where the initialization of the underlying native integration library took a default path, re...
CVSS: HIGH (8.8) EPSS Score: 0.02%
February 25th, 2025 (5 months ago)
|
CVE-2025-27110 |
Description: Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurity3 can't decode encoded HTML entities if they contains leading zeroes. Version 3.0.14 contains a fix. No known workarounds are available.
CVSS: HIGH (7.9) EPSS Score: 0.04%
February 25th, 2025 (5 months ago)
|
CVE-2024-0148 |
Description: NVIDIA Jetson Linux and IGX OS image contains a vulnerability in the UEFI firmware RCM boot mode, where an unprivileged attacker with physical access to the device could load untrusted code. A successful exploit might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. The scope of the impacts can extend to other components.
CVSS: HIGH (7.6) EPSS Score: 0.02%
February 25th, 2025 (5 months ago)
|
CVE-2024-45421 |
Description: CVE-2024-45421: Zoom Apps - Buffer Overflow
CVSS: HIGH (8.5) EPSS Score: 0.05%
February 25th, 2025 (5 months ago)
|
CVE-2024-45421 |
Description: Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVSS: HIGH (8.5) EPSS Score: 0.05%
February 25th, 2025 (5 months ago)
|
CVE-2024-36259 |
Description: Improper access control in mail module of Odoo Community 17.0 and Odoo Enterprise 17.0 allows remote authenticated attackers to extract sensitive information via an oracle-based (yes/no response) crafted attack.
CVSS: HIGH (7.5) EPSS Score: 0.05% SSVC Exploitation: none
February 25th, 2025 (5 months ago)
|