Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-53426
Description: A heap-buffer-overflow vulnerability has been identified in ntopng 6.2 in the Flow::dissectMDNS function.

CVSS: MEDIUM (6.2)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-43451
NTLM Hash Disclosure Spoofing Vulnerability
Description: NTLM Hash Disclosure Spoofing Vulnerability

CVSS: MEDIUM (6.5)

EPSS Score: 1.33%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-43449
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
Description: Windows USB Video Class System Driver Elevation of Privilege Vulnerability

CVSS: MEDIUM (6.8)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-42412
Description: Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-34162
Description: The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-32151
Description: User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

CVSS: MEDIUM (5.9)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-29978
Description: User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

CVSS: MEDIUM (5.9)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-29146
Description: User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

CVSS: MEDIUM (5.9)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-28955
Description: Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

CVSS: MEDIUM (5.9)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-26258
Description: OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product.

CVSS: MEDIUM (6.8)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (6 months ago)