Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-8809 |
Description: Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this vulnerability.
The specific flaw exists within the web service, which listens on TCP port 8000 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24178.
CVSS: HIGH (8.8) EPSS Score: 0.07%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-8808 |
Description: Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this vulnerability.
The specific flaw exists within the web service, which listens on TCP port 8000 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24177.
CVSS: HIGH (8.8) EPSS Score: 0.07%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-8748 |
Description: A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.
CVSS: HIGH (7.5) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-7675 |
Description: A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.07%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-7674 |
Description: A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.07%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-7673 |
Description: A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.07%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-7672 |
Description: A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.07%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-7671 |
Description: A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.07%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-7670 |
Description: A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.06%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-7244 |
Description: Panda Security Dome VPN DLL Hijacking Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the VPN process. The process does not restrict DLL search to trusted paths, which can result in the loading of a malicious DLL. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23428.
CVSS: HIGH (7.8) EPSS Score: 0.05%
December 4th, 2024 (5 months ago)
|