Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-54101
Denial of service (DoS) vulnerability in the installation module Impact: Successful exploitation of this vulnerability will affect availability.
Description: Denial of service (DoS) vulnerability in the installation module Impact: Successful exploitation of this vulnerability will affect availability.

CVSS: MEDIUM (6.2)

EPSS Score: 0.04%

Source: CVE
December 13th, 2024 (6 months ago)

CVE-2024-54100
Vulnerability of improper access control in the secure input module Impact: Successful exploitation of this vulnerability may cause features to...
Description: Vulnerability of improper access control in the secure input module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVSS: MEDIUM (6.2)

EPSS Score: 0.05%

Source: CVE
December 13th, 2024 (6 months ago)

CVE-2024-54099
File replacement vulnerability on some devices Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
Description: File replacement vulnerability on some devices Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVSS: MEDIUM (6.7)

EPSS Score: 0.04%

Source: CVE
December 13th, 2024 (6 months ago)

CVE-2024-54096
Vulnerability of improper access control in the MTP module Impact: Successful exploitation of this vulnerability may affect integrity and accuracy.
Description: Vulnerability of improper access control in the MTP module Impact: Successful exploitation of this vulnerability may affect integrity and accuracy.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
December 13th, 2024 (6 months ago)

CVE-2024-52901
IBM InfoSphere Information Server denial of service
Description: IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 13th, 2024 (6 months ago)

CVE-2024-45119
Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)
Description: Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

CVSS: MEDIUM (4.9)

EPSS Score: 0.06%

Source: CVE
December 13th, 2024 (6 months ago)

CVE-2024-41871
Media Encoder | Out-of-bounds Read (CWE-125)
Description: Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS: MEDIUM (5.5)

EPSS Score: 0.06%

Source: CVE
December 13th, 2024 (6 months ago)

CVE-2024-41836
InDesign Desktop | NULL Pointer Dereference (CWE-476)
Description: InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS: MEDIUM (5.5)

EPSS Score: 0.05%

Source: CVE
December 13th, 2024 (6 months ago)

CVE-2024-41146
Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with...
Description: Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS connected devices, require a device reboot to resolve. This issue affects: Controller 6000 and Controller 7000 firmware versions 9.10 prior to vCR9.10.241108a (distributed in 9.10.2149 (MR4)), 9.00 prior to vCR9.00.241108a (distributed in 9.00.2374 (MR5)), 8.90 prior to vCR8.90.241107a (distributed in 8.90.2356 (MR6)), all versions of 8.80 and prior.

CVSS: MEDIUM (4.6)

EPSS Score: 0.04%

Source: CVE
December 13th, 2024 (6 months ago)

CVE-2024-31204
mailcow Cross-site Scripting Vulnerability via Exception Handler
Description: mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability resides in the exception handling mechanism, specifically when not operating in DEV_MODE. The system saves exception details into a session array without proper sanitization or encoding. These details are later rendered into HTML and executed in a JavaScript block within the user's browser, without adequate escaping of HTML entities. This flaw allows for Cross-Site Scripting (XSS) attacks, where attackers can inject malicious scripts into the admin panel by triggering exceptions with controlled input. The exploitation method involves using any function that might throw an exception with user-controllable argument. This issue can lead to session hijacking and unauthorized administrative actions, posing a significant security risk. Version 2024-04 contains a fix for the issue.

CVSS: MEDIUM (6.1)

EPSS Score: 0.04%

Source: CVE
December 13th, 2024 (6 months ago)