Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-5511 |
Description: Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22020.
CVSS: HIGH (7.8) EPSS Score: 0.07%
December 6th, 2024 (5 months ago)
|
|
CVE-2024-5510 |
Description: Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22019.
CVSS: HIGH (7.8) EPSS Score: 0.07%
December 6th, 2024 (5 months ago)
|
|
CVE-2024-54126 |
Description: This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router’s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device.
CVSS: HIGH (8.5) EPSS Score: 0.04%
December 6th, 2024 (5 months ago)
|
|
CVE-2024-53857 |
Description: rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys.
CVSS: HIGH (7.5) EPSS Score: 0.04%
December 6th, 2024 (5 months ago)
|
|
CVE-2024-53856 |
Description: rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1.
CVSS: HIGH (7.5) EPSS Score: 0.04%
December 6th, 2024 (5 months ago)
|
|
CVE-2024-52276 |
Description: User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing.
1. Displayed version does not show the layer flattened version, which is provided when the "Print" option is used.
2. Displayed version does not show the layer flattened version, which is provided when the combined download option is used.
3. Displayed version does not show the layer flattened version, which is also the provided version when downloading the result in the uncombined option.
Once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened.
This issue affects DocuSign: through 2024-12-04.
CVSS: HIGH (8.2) EPSS Score: 0.05%
December 6th, 2024 (5 months ago)
|
|
CVE-2024-52271 |
Description: User Interface (UI) Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened.
This issue affects Documenso: through 1.8.0, >1.8.0 and Documenso SaaS (Hosted) as of 2024-12-05.
CVSS: HIGH (8.2) EPSS Score: 0.05%
December 6th, 2024 (5 months ago)
|
|
CVE-2024-52270 |
Description: User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign(HelloSign) allows Content Spoofing.
Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened.
This issue affects DropBox Sign(HelloSign): through 2024-12-04.
CVSS: HIGH (8.2) EPSS Score: 0.04%
December 6th, 2024 (5 months ago)
|
|
CVE-2024-51554 |
Description: Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
CVSS: HIGH (8.8) EPSS Score: 0.04%
December 6th, 2024 (5 months ago)
|
|
CVE-2024-51548 |
Description: Dangerous File Upload vulnerabilities allow upload of malicious scripts.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
CVSS: HIGH (8.7) EPSS Score: 0.04%
December 6th, 2024 (5 months ago)
|