Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-53845 |
Description: ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV (Initialization Vector) prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant throughout the product's lifetime. In AES/CBC mode, if the IV is not properly initialized, the encrypted output becomes deterministic, leading to potential data leakage. To address the aforementioned issues, the application generates a random IV when activating the AES key starting in versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. This IV is then transmitted along with the provision data to the provision device. The provision device has also been equipped with a parser for the AES IV. The upgrade is applicable for all applications and users of ESPTouch v2 component from ESP-IDF. As it is implemented in the ESP Wi-Fi stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware.
CVSS: MEDIUM (6.6) EPSS Score: 0.04%
December 12th, 2024 (6 months ago)
|
|
CVE-2024-53273 |
Description: Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `RegisterLoginReset.vue` contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability, giving the attacker control of the victim’s account when a victim registers or logins with a specially crafted link. Version 5.28.5 contains a patch.
CVSS: MEDIUM (5.0) EPSS Score: 0.04%
December 12th, 2024 (6 months ago)
|
|
CVE-2024-53272 |
Description: Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `login` and `social media` function in `RegisterLoginReset.vue` contains two reflected XSS vulnerabilities due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability, giving the attacker control of the victim’s account when a victim registers or logins with a specially crafted link. Version 5.28.5 contains a patch.
CVSS: MEDIUM (5.0) EPSS Score: 0.04%
December 12th, 2024 (6 months ago)
|
|
CVE-2024-52537 |
Description: Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
CVSS: MEDIUM (6.3) EPSS Score: 0.04%
December 12th, 2024 (6 months ago)
|
|
CVE-2024-51460 |
Description: IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
December 12th, 2024 (6 months ago)
|
|
CVE-2024-49532 |
Description: Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS: MEDIUM (5.5) EPSS Score: 0.04%
December 12th, 2024 (6 months ago)
|
|
CVE-2024-49111 |
Description: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
CVSS: MEDIUM (6.6) EPSS Score: 0.05%
December 12th, 2024 (6 months ago)
|
|
CVE-2024-49110 |
Description: Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
CVSS: MEDIUM (6.8) EPSS Score: 0.05%
December 12th, 2024 (6 months ago)
|
|
CVE-2024-49109 |
Description: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
CVSS: MEDIUM (6.6) EPSS Score: 0.05%
December 12th, 2024 (6 months ago)
|
|
CVE-2024-49099 |
Description: Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
December 12th, 2024 (6 months ago)
|