CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-25581 |
Description: When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a Denial of Service. DNS over HTTPS is not enabled by default, and backends are using plain DNS (Do53) by default.
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-25111 |
Description: Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue.
CVSS: HIGH (8.6) EPSS Score: 0.18%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-25047 |
Description: IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.
CVSS: HIGH (8.6) EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-24990 |
Description: When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.
Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html .
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVSS: HIGH (7.5) EPSS Score: 0.08%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-24989 |
Description: When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.
Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html .
NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVSS: HIGH (7.5) EPSS Score: 0.08%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-24959 |
Description: Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6c18`.
CVSS: HIGH (8.2) EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-24958 |
Description: Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6bdc`.
CVSS: HIGH (8.2) EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-24957 |
Description: Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6aa4`.
CVSS: HIGH (8.2) EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-24956 |
Description: Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6a38`.
CVSS: HIGH (8.2) EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-24955 |
Description: Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb69fc`.
CVSS: HIGH (8.2) EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|