CVE-2024-28565 |
Description: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the psdParser::ReadImageData() function when reading images in PSD format.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
CVE-2024-26886 |
Description: In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: af_bluetooth: Fix deadlock
Attempting to do sock_lock on .recvmsg may cause a deadlock as shown
below, so instead of using sock_sock this uses sk_receive_queue.lock
on bt_sock_ioctl to avoid the UAF:
INFO: task kworker/u9:1:121 blocked for more than 30 seconds.
Not tainted 6.7.6-lemon #183
Workqueue: hci0 hci_rx_work
Call Trace:
__schedule+0x37d/0xa00
schedule+0x32/0xe0
__lock_sock+0x68/0xa0
? __pfx_autoremove_wake_function+0x10/0x10
lock_sock_nested+0x43/0x50
l2cap_sock_recv_cb+0x21/0xa0
l2cap_recv_frame+0x55b/0x30a0
? psi_task_switch+0xeb/0x270
? finish_task_switch.isra.0+0x93/0x2a0
hci_rx_work+0x33a/0x3f0
process_one_work+0x13a/0x2f0
worker_thread+0x2f0/0x410
? __pfx_worker_thread+0x10/0x10
kthread+0xe0/0x110
? __pfx_kthread+0x10/0x10
ret_from_fork+0x2c/0x50
? __pfx_kthread+0x10/0x10
ret_from_fork_asm+0x1b/0x30
CVSS: LOW (0.0) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
CVE-2024-26469 |
Description: Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to cause a denial of service (DoS) and escalate privileges via the url parameter in the postProcess() method.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
CVE-2024-26450 |
Description: An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a Cross Site Request Forgery vulnerability to issue a Stored Cross Site Scripting payload stored within an Admin user's dashboard, executing remote JavaScript. This can be used to upload a new PHP file under an administrator and directly call that file from the victim's instance to connect back to a malicious listener.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
CVE-2024-23735 |
Description: Cross Site Scripting (XSS) vulnerability in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify before 4.0.0 for Confluence allows attackers to manipulate user data via a specially crafted certificate.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
CVE-2024-23290 |
Description: A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access user-sensitive data.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
CVE-2024-23254 |
Description: The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.
CVSS: LOW (0.0) EPSS Score: 0.1%
December 5th, 2024 (5 months ago)
|
CVE-2024-23249 |
Description: The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
CVE-2024-22910 |
Description: Cross Site Scripting (XSS) vulnerability in CrushFTP v.10.6.0 and v.10.5.5 allows an attacker to execute arbitrary code via a crafted payload.
CVSS: LOW (0.0)
December 5th, 2024 (5 months ago)
|
CVE-2024-22780 |
Description: Cross Site Scripting vulnerability in CA17 TeamsACS v.1.0.1 allows a remote attacker to execute arbitrary code via a crafted script to the errmsg parameter.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|