Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-6249 |
Description: Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the TUTK P2P library. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22419.
CVSS: HIGH (8.8) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-6248 |
Description: Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the run_action_batch endpoint of the cloud infrastructure. The issue results from the use of the device's MAC address as a sole credential for authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22393.
CVSS: HIGH (7.5) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-54664 |
Description: An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker's code in the user's security context, a different vulnerability than CVE-2024-52945.
CVSS: HIGH (7.8) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-54154 |
Description: In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox
CVSS: HIGH (8.0) EPSS Score: 0.09%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-54134 |
Description: A publish-access account was compromised for `@solana/web3.js`, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots, that handle private keys directly. This issue should not affect non-custodial wallets, as they generally do not expose private keys during transactions. This is not an issue with the Solana protocol itself, but with a specific JavaScript client library and only appears to affect projects that directly handle private keys and that updated within the window of 3:20pm UTC and 8:25pm UTC on Tuesday, December 3, 2024. These two unauthorized versions (1.95.6 and 1.95.7) were caught within hours and have since been unpublished. All Solana app developers should upgrade to version 1.95.8. Developers that suspect they might be compromised should rotate any suspect authority keys, including multisigs, program authorities, server keypairs, and so on.
CVSS: HIGH (8.3) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-53982 |
Description: ZOO-Project is a C-based WPS (Web Processing Service) implementation. A path traversal vulnerability was discovered in Zoo-Project Echo example. The Echo example available by default in Zoo installs implements file caching, which can be controlled by user-given parameters. No input validation is performed in this parameter, which allows an attacker to fully control the file which is returned in the response. Patch was committed in November 22nd, 2024.
CVSS: HIGH (8.7) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-53979 |
Description: ibm.ibm_zhmc is an Ansible collection for the IBM Z HMC. The Ansible collection "ibm.ibm_zhmc" writes password-like properties in clear text into its log file and into the output returned by some of its Ansible module in the following cases: 1. The 'boot_ftp_password' and 'ssc_master_pw' properties are passed as input to the zhmc_partition Ansible module. 2. The 'ssc_master_pw' and 'zaware_master_pw' properties are passed as input to the zhmc_lpar Ansible module. 3. The 'password' property is passed as input to the zhmc_user Ansible module (just in log file, not in module output). 4. The 'bind_password' property is passed as input to the zhmc_ldap_server_definition Ansible module. These properties appear in the module output only when they were specified in the module input and when creating or updating the corresponding resources. They do not appear in the output when retrieving facts for the corresponding resources. These properties appear in the log file only when the "log_file" module input parameter is used. By default, no log file is created. This issue has been fixed in ibm.ibm_zhmc version 1.9.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: HIGH (8.3) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-52277 |
Description: User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.This issue affects DocuSeal: through 1.8.1, >1.8.1.
CVSS: HIGH (8.2) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-52276 |
Description: ** INITIAL LIMITED RELEASE **
User Interface (UI) Misrepresentation of Critical Information vulnerability in [WITHHELD] allows Content Spoofing.This issue affects [WITHHELD]: through 2024-12-04.
CVSS: HIGH (8.2) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-52275 |
Description: Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromWizardHandle modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50.
CVSS: HIGH (8.3) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|