Threat and Vulnerability Intelligence Database

CVE-2024-49412

Description: Improper input validation in Settings prior to SMR Dec-2024 Release 1 allows local attackers to broadcast signal for discovering Bluetooth on Galaxy Watch.

CVSS: MEDIUM (5.5)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-49411

Description: Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-49410

Description: Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.

CVSS: MEDIUM (5.9)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-45842

Description: Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests, resulting in a path traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-45676

Description: IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction.

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-41776

Description: IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

CVSS: MEDIUM (6.5)

EPSS Score: 0.05%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-41775

Description: IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

CVSS: MEDIUM (5.9)

EPSS Score: 0.09%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-38496

Description: The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships.

CVSS: MEDIUM (5.1)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-38036

Description: There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.

CVSS: MEDIUM (5.4)

EPSS Score: 0.05%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-37303

Description: Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated way. The implication is that unauthenticated remote adversaries can use this functionality to plant problematic content into the media repository. Synapse 1.106 introduces a partial mitigation in the form of new endpoints which require authentication for media downloads. The unauthenticated endpoints will be frozen in a future release, closing the attack vector.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)