Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-12694 |
Description: Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-12693 |
Description: Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-12692 |
Description: Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-11614 |
Description: An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.
EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-10892 |
Description: The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.
EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2023-6228 |
Description: An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.
EPSS Score: 0.06%
December 19th, 2024 (4 months ago)
|
|
CVE-2023-52748 |
Description: In the Linux kernel, the following vulnerability has been resolved:
f2fs: avoid format-overflow warning
With gcc and W=1 option, there's a warning like this:
fs/f2fs/compress.c: In function ‘f2fs_init_page_array_cache’:
fs/f2fs/compress.c:1984:47: error: ‘%u’ directive writing between
1 and 7 bytes into a region of size between 5 and 8
[-Werror=format-overflow=]
1984 | sprintf(slab_name, "f2fs_page_array_entry-%u:%u", MAJOR(dev),
MINOR(dev));
| ^~
String "f2fs_page_array_entry-%u:%u" can up to 35. The first "%u" can up
to 4 and the second "%u" can up to 7, so total size is "24 + 4 + 7 = 35".
slab_name's size should be 35 rather than 32.
EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2023-52355 |
Description: An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.
EPSS Score: 0.22%
December 19th, 2024 (4 months ago)
|
|
CVE-2023-38831 |
Description: RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
EPSS Score: 48.31%
December 19th, 2024 (4 months ago)
|
|
CVE-2023-34880 |
Description: cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the add_action method at lib/admin/language_admin.php. This vulnerability allows attackers to execute arbitrary code and perform a local file inclusion.
EPSS Score: 0.47%
December 19th, 2024 (4 months ago)
|