Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-49232 |
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Javier Loureiro El mejor Cluster allows DOM-Based XSS.This issue affects El mejor Cluster: from n/a through 1.1.15.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-45206 |
Description: A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-29978 |
Description: User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-27363 |
Description: A vulnerability was discovered in Samsung Mobile Processor Exynos 850, Exynos 9610, Exynos 980, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, and Exynos W930 where it does not properly check a pointer address, which can lead to a Information disclosure.
CVSS: MEDIUM (6.0) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-25073 |
Description: An issue was discovered in Samsung Semiconductor Mobile Processor and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check a pointer specified by the CC (Call Control module), which can lead to Denial of Service (Untrusted Pointer Dereference).
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-23559 |
Description: HCL DevOps Deploy / Launch is generating an obsolete HTTP header.
CVSS: MEDIUM (6.1) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-20397 |
Description: A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification.
This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.
CVSS: MEDIUM (5.2) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-12186 |
Description: A vulnerability was found in code-projects Hotel Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file hotelnew.c of the component Available Room Handler. The manipulation of the argument admin_entry leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Eine problematische Schwachstelle wurde in code-projects Hotel Management System 1.0 gefunden. Dies betrifft einen unbekannten Teil der Datei hotelnew.c der Komponente Available Room Handler. Mittels dem Manipulieren des Arguments admin_entry mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (4.8) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-12185 |
Description: A vulnerability has been found in code-projects Hotel Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Administrator Login Password Handler. The manipulation of the argument Str2 leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. In code-projects Hotel Management System 1.0 wurde eine problematische Schwachstelle gefunden. Das betrifft eine unbekannte Funktionalität der Komponente Administrator Login Password Handler. Durch Manipulation des Arguments Str2 mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (4.8) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-12183 |
Description: A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine problematische Schwachstelle in DedeCMS 5.7.116 gefunden. Es betrifft die Funktion RemoveXSS der Datei /plus/carbuyaction.php der Komponente HTTP POST Request Handler. Durch die Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (5.3) EPSS Score: 0.07%
December 5th, 2024 (5 months ago)
|