Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-21174 |
Description: In isPageSearchEnabled of BillingCycleSettings.java, there is a possible way for the guest user to change data limits due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235822222
CVSS: LOW (0.0) EPSS Score: 0.04%
December 6th, 2024 (5 months ago)
|
|
CVE-2023-21173 |
Description: In multiple methods of DataUsageList.java, there is a possible way to learn about admin user's network activities due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262741858
CVSS: LOW (0.0) EPSS Score: 0.04%
December 6th, 2024 (5 months ago)
|
|
CVE-2023-21172 |
Description: In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262243015
CVSS: LOW (0.0) EPSS Score: 0.04%
December 6th, 2024 (5 months ago)
|
|
CVE-2024-6232 |
Description: There is a MEDIUM severity vulnerability affecting CPython.
Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
CVSS: LOW (0.0) EPSS Score: 0.11%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-54675 |
Description: app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2.5.2 has stored XSS in the editor interface for an ad-hoc workflow.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-54674 |
Description: app/View/GalaxyClusters/cluster_export_misp_galaxy.ctp in MISP through 2.5.2 has stored XSS when exporting custom clusters into the misp-galaxy format.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-54661 |
Description: readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-54158 |
Description: In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding
CVSS: LOW (3.5) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-54155 |
Description: In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
CVSS: LOW (3.7) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-54153 |
Description: In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter
CVSS: LOW (3.1) EPSS Score: 0.09%
December 5th, 2024 (5 months ago)
|