CyberAlerts

CVE-2024-33039

Description: Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service.

CVSS: MEDIUM (6.7)

EPSS Score: 0.04%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-33037

Buffer Over-read in Neural Processing Unit

Description: Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware.

CVSS: MEDIUM (6.1)

EPSS Score: 0.04%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-33036

Use of Out-of-range Pointer Offset in Camera Driver

Description: Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access.

CVSS: MEDIUM (6.7)

EPSS Score: 0.04%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-22272

VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization...

Description: VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization within VMware Cloud Director may be able to accidentally disable their organization leading to a Denial of Service for active sessions within their own organization's scope.

CVSS: MEDIUM (4.9)

EPSS Score: 0.04%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-11703

On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability...

Description: On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133.

CVSS: MEDIUM (5.7)

EPSS Score: 0.04%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-11696

The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw,...

Description: The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

CVSS: MEDIUM (5.4)

EPSS Score: 0.05%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-11488

115cms web_user.html cross site scripting

Description: A vulnerability was found in 115cms up to 20240807 and classified as problematic. This issue affects some unknown processing of the file /app/admin/view/web_user.html. The manipulation of the argument ks leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Eine problematische Schwachstelle wurde in 115cms bis 20240807 gefunden. Betroffen davon ist ein unbekannter Prozess der Datei /app/admin/view/web_user.html. Durch das Beeinflussen des Arguments ks mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-11487

Code4Berry Decoration Management System Between Dates Reports btndates_report.php sql injection

Description: A vulnerability has been found in Code4Berry Decoration Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /decoration/admin/btndates_report.php of the component Between Dates Reports. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. In Code4Berry Decoration Management System 1.0 wurde eine kritische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei /decoration/admin/btndates_report.php der Komponente Between Dates Reports. Durch Manipulieren des Arguments fromdate/todate mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.3)

EPSS Score: 0.09%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-11486

Code4Berry Decoration Management System User Permission user_permission.php

Description: A vulnerability, which was classified as problematic, was found in Code4Berry Decoration Management System 1.0. This affects an unknown part of the file /decoration/admin/user_permission.php of the component User Permission Handler. The manipulation leads to permission issues. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine problematische Schwachstelle in Code4Berry Decoration Management System 1.0 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /decoration/admin/user_permission.php der Komponente User Permission Handler. Durch das Manipulieren mit unbekannten Daten kann eine permission issues-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-11485

Code4Berry Decoration Management System User userregister.php permission

Description: A vulnerability, which was classified as critical, has been found in Code4Berry Decoration Management System 1.0. Affected by this issue is some unknown functionality of the file /decoration/admin/userregister.php of the component User Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Eine kritische Schwachstelle wurde in Code4Berry Decoration Management System 1.0 entdeckt. Davon betroffen ist unbekannter Code der Datei /decoration/admin/userregister.php der Komponente User Handler. Mittels Manipulieren mit unbekannten Daten kann eine permission issues-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.3)

EPSS Score: 0.07%

Source: CVE

December 3rd, 2024 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-33039	Untrusted Pointer Dereference in Audio Description: Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service. CVSS: MEDIUM (6.7) EPSS Score: 0.04% Source: CVE December 3rd, 2024 (5 months ago)
CVE-2024-33037	Buffer Over-read in Neural Processing Unit Description: Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware. CVSS: MEDIUM (6.1) EPSS Score: 0.04% Source: CVE December 3rd, 2024 (5 months ago)
CVE-2024-33036	Use of Out-of-range Pointer Offset in Camera Driver Description: Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access. CVSS: MEDIUM (6.7) EPSS Score: 0.04% Source: CVE December 3rd, 2024 (5 months ago)
CVE-2024-22272	VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization... Description: VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization within VMware Cloud Director may be able to accidentally disable their organization leading to a Denial of Service for active sessions within their own organization's scope. CVSS: MEDIUM (4.9) EPSS Score: 0.04% Source: CVE December 3rd, 2024 (5 months ago)
CVE-2024-11703	On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability... Description: On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133. CVSS: MEDIUM (5.7) EPSS Score: 0.04% Source: CVE December 3rd, 2024 (5 months ago)
CVE-2024-11696	The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw,... Description: The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. CVSS: MEDIUM (5.4) EPSS Score: 0.05% Source: CVE December 3rd, 2024 (5 months ago)
CVE-2024-11488	115cms web_user.html cross site scripting Description: A vulnerability was found in 115cms up to 20240807 and classified as problematic. This issue affects some unknown processing of the file /app/admin/view/web_user.html. The manipulation of the argument ks leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Eine problematische Schwachstelle wurde in 115cms bis 20240807 gefunden. Betroffen davon ist ein unbekannter Prozess der Datei /app/admin/view/web_user.html. Durch das Beeinflussen des Arguments ks mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (5.3) EPSS Score: 0.05% Source: CVE December 3rd, 2024 (5 months ago)
CVE-2024-11487	Code4Berry Decoration Management System Between Dates Reports btndates_report.php sql injection Description: A vulnerability has been found in Code4Berry Decoration Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /decoration/admin/btndates_report.php of the component Between Dates Reports. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. In Code4Berry Decoration Management System 1.0 wurde eine kritische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei /decoration/admin/btndates_report.php der Komponente Between Dates Reports. Durch Manipulieren des Arguments fromdate/todate mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (5.3) EPSS Score: 0.09% Source: CVE December 3rd, 2024 (5 months ago)
CVE-2024-11486	Code4Berry Decoration Management System User Permission user_permission.php Description: A vulnerability, which was classified as problematic, was found in Code4Berry Decoration Management System 1.0. This affects an unknown part of the file /decoration/admin/user_permission.php of the component User Permission Handler. The manipulation leads to permission issues. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine problematische Schwachstelle in Code4Berry Decoration Management System 1.0 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /decoration/admin/user_permission.php der Komponente User Permission Handler. Durch das Manipulieren mit unbekannten Daten kann eine permission issues-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (5.3) EPSS Score: 0.05% Source: CVE December 3rd, 2024 (5 months ago)
CVE-2024-11485	Code4Berry Decoration Management System User userregister.php permission Description: A vulnerability, which was classified as critical, has been found in Code4Berry Decoration Management System 1.0. Affected by this issue is some unknown functionality of the file /decoration/admin/userregister.php of the component User Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Eine kritische Schwachstelle wurde in Code4Berry Decoration Management System 1.0 entdeckt. Davon betroffen ist unbekannter Code der Datei /decoration/admin/userregister.php der Komponente User Handler. Mittels Manipulieren mit unbekannten Daten kann eine permission issues-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (5.3) EPSS Score: 0.07% Source: CVE December 3rd, 2024 (5 months ago)