CVE-2024-3156 |
Description: Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.07%
February 14th, 2025 (5 months ago)
|
CVE-2024-31556 |
Description: An issue in Reportico Web before v.8.1.0 allows a local attacker to execute arbitrary code and obtain sensitive information via the sessionid function.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-31510 |
Description: An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c component.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-31309 |
Description: HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected.
Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases.
Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-31030 |
Description: An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows remote attackers to cause a Denial of Service or potentially disclose information via a specially crafted packet.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-30889 |
Description: Cross Site Scripting vulnerability in audimex audimexEE v.15.1.2 and fixed in 15.1.3.9 allows a remote attacker to execute arbitrary code via the service, method, widget_type, request_id, payload parameters.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-30801 |
Description: SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-30165 |
Description: Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than CVE-2024-30164.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-30164 |
Description: Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this vulnerability on macOS is not the same as CVE-2024-30165.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-29944 |
Description: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|