Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-49581 |
Description: Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug, this could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise make data available across organizational boundaries nor did it allow for data to be viewed or accessed by unauthenticated users.
The affected service have been patched and automatically deployed to all Apollo-managed Foundry instances.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-38827 |
Description: The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.
CVSS: MEDIUM (4.8) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-33053 |
Description: Memory corruption when multiple threads try to unregister the CVP buffer at the same time.
CVSS: MEDIUM (6.7) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-33040 |
Description: Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access.
CVSS: MEDIUM (6.7) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-33039 |
Description: Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service.
CVSS: MEDIUM (6.7) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-33037 |
Description: Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware.
CVSS: MEDIUM (6.1) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-33036 |
Description: Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access.
CVSS: MEDIUM (6.7) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-22272 |
Description: VMware Cloud Director contains an Improper Privilege Management vulnerability.
An authenticated tenant administrator for a
given organization within VMware Cloud Director may be able to
accidentally disable their organization leading to a Denial of Service
for active sessions within their own organization's scope.
CVSS: MEDIUM (4.9) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-11703 |
Description: On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133.
CVSS: MEDIUM (5.7) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-11696 |
Description: The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
CVSS: MEDIUM (5.4) EPSS Score: 0.05%
December 3rd, 2024 (5 months ago)
|