CVE-2024-54010
Description: A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the ICMP and UDP protocols. For this attack to be successful, an attacker requires a switch configuration that allows packet routing (at layer 3). Configurations that do not allow network traffic routing are not impacted. Successful exploitation could allow an attacker to bypass security policies, potentially leading to unauthorized data exposure.
CVSS: LOW (3.4) EPSS Score: 0.04%
January 9th, 2025

CVE-2024-53995
Description: SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint's `next_` parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to `settings.DEFAULT_PAGE` instead of to the `next` parameter.
CVSS: LOW (1.9) EPSS Score: 0.05%
January 9th, 2025

CVE-2024-53995
Description: SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint's `next_` parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to `settings.DEFAULT_PAGE` instead of to the `next` parameter.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-53995
https://github.com/SickChill/sickchill/pull/8811
https://github.com/SickChill/sickchill/commit/c7128a8946c3701df95c285810eb75b2de18bf82
https://github.com/SickChill/sickchill/blob/846adafdfab579281353ea08a27bbb813f9a9872/sickchill/views/authentication.py#L33
https://securitylab.github.com/advisories/GHSL-2024-283_GHSL-2024-291_sickchill_sickchill
https://github.com/advisories/GHSA-6gf2-ffq8-gcww
CVSS: LOW (1.9) EPSS Score: 0.05%
January 8th, 2025

CVE-2024-5445
Description: Ecosystem Agent version 4 < 4.1.5.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to perform a Man-in-the-Middle and intercept traffic between the agent and N-able servers from a privileged network position.
CVSS: LOW (3.8) EPSS Score: 0.05%
January 8th, 2025

CVE-2024-12425
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal.
An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files.
This issue affects LibreOffice: from 24.8 before 24.8.4.
CVSS: LOW (2.4) EPSS Score: 0.04%
January 8th, 2025

CVE-2024-10527
Description: The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view limited setting information.
CVSS: LOW (3.1) EPSS Score: 0.05%
January 8th, 2025

CVE-2024-55626
Description: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead to a buffer overflow during startup. The issue has been addressed in Suricata 7.0.8.
CVSS: LOW (3.3) EPSS Score: 0.05%
January 7th, 2025

CVE-2024-51472
Description: IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
CVSS: LOW (3.1) EPSS Score: 0.05%
January 7th, 2025

CVE-2024-12970
Description: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TUBITAK BILGEM Pardus OS My Computer allows OS Command Injection. This issue affects Pardus OS My Computer: before 0.7.2.
CVSS: LOW (3.9) EPSS Score: 0.04%
January 7th, 2025

CVE-2024-11319
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS). This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3.
CVSS: LOW (3.8) EPSS Score: 0.06%
January 7th, 2025