CVE-2025-0425
Description: Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. This is dangerous as the "bestinformed Infoclient" runs with elevated permissions ("nt authority\system"). By changing the server address to a malicious server, or a script simulating a server, the user is able to escalate his privileges by abusing certain features of the "bestinformed Web" server. Those features include:
* Pushing of malicious update packages
* Arbitrary Registry Read as "nt authority\system"
An attacker is able to escalate his privileges to "nt authority\system" on the Windows client running the "bestinformed Infoclient".
This attack is not possible if a custom configuration ("Infoclient.ini") containing the flags "ShowOnTaskbar=false" or "DisabledItems=stPort,stAddress" is deployed.
CVSS: HIGH (8.5) EPSS Score: 0.01%
February 19th, 2025

CVE-2025-0422
Description: An authenticated user in the "bestinformed Web" application can execute commands on the underlying server running the application (Remote Code Execution). For this, the user must be able to create "ScriptVars" with the type "script" and preview them by, for example, creating a new "Info". By default, admin users have those permissions, but with the granular permission system, those permissions may be assigned to other users. An attacker is able to execute commands on the server running the "bestinformed Web" application if an account with the correct permissions was compromised before.
CVSS: HIGH (8.6) EPSS Score: 0.11%
February 19th, 2025

CVE-2024-57964
Description: Insecure loading of Dynamic Link Libraries has been discovered in HVAC Energy Saving Program, which could allow local attackers to potentially disclose information or execute arbitrary code on affected systems.
This issue affects HVAC Energy Saving Program:.
CVSS: HIGH (7.3) EPSS Score: 0.01%
February 19th, 2025

CVE-2024-57963
Description: Insecure loading of Dynamic Link Libraries has been discovered in USB-CONVERTERCABLE DRIVER, which could allow local attackers to potentially disclose information or execute arbitrary code on affected systems.
This issue affects USB-CONVERTERCABLE DRIVER:.
CVSS: HIGH (7.3) EPSS Score: 0.01%
February 19th, 2025

CVE-2024-57256
Description: An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
CVSS: HIGH (7.1) EPSS Score: 0.03%
February 19th, 2025

CVE-2024-57255
Description: An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
CVSS: HIGH (7.1) EPSS Score: 0.03%
February 19th, 2025

CVE-2024-57254
Description: An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.
CVSS: HIGH (7.1) EPSS Score: 0.03%
February 19th, 2025

CVE-2024-56171
Description: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
CVSS: HIGH (7.8) EPSS Score: 0.01%
February 19th, 2025

CVE-2024-51505
Description: An issue was discovered in Atos Eviden IDRA before 2.7.1. A highly trusted role (Config Admin) could leverage a race condition to escalate privileges.
CVSS: HIGH (8.0) EPSS Score: 0.05%
February 19th, 2025

CVE-2024-46740
Description: In the Linux kernel, the following vulnerability has been resolved:
binder: fix UAF caused by offsets overwrite
Binder objects are processed and copied individually into the target
buffer during transactions. Any raw data in-between these objects is
copied as well. However, this raw data copy lacks an out-of-bounds
check. If the raw data exceeds the data section size then the copy
overwrites the offsets section. This eventually triggers an error that
attempts to unwind the processed objects. However, at this point the
offsets used to index these objects are now corrupted.
Unwinding with corrupted offsets can result in decrements of arbitrary
nodes and lead to their premature release. Other users of such nodes are
left with a dangling pointer triggering a use-after-free. This issue is
made evident by the following KASAN report (trimmed):
==================================================================
BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c
Write of size 4 at addr ffff47fc91598f04 by task binder-util/743
CPU: 9 UID: 0 PID: 743 Comm: binder-util Not tainted 6.11.0-rc4 #1
Hardware name: linux,dummy-virt (DT)
Call trace:
_raw_spin_lock+0xe4/0x19c
binder_free_buf+0x128/0x434
binder_thread_write+0x8a4/0x3260
binder_ioctl+0x18f0/0x258c
[...]
Allocated by task 743:
__kmalloc_cache_noprof+0x110/0x270
binder_new_node+0x50/0x700
binder_transaction+0x413c/0x6da8
binder_thread_write+0x978/0x3260
binder_ioctl+0x18f0...
CVSS: HIGH (7.8) EPSS Score: 0.06%
February 19th, 2025