CVE-2024-55057
Description: Phpgurukul Online Birth Certificate System 1.0 suffers from insufficient password requirements which can lead to unauthorized access to user accounts.
EPSS Score: 0.04%
December 18th, 2024 (4 months ago)

CVE-2024-55056
Description: A stored cross-site scripting (XSS) vulnerability was identified in Phpgurukul Online Birth Certificate System 1.0 in /user/certificate-form.php via the full name field.
EPSS Score: 0.04%
December 18th, 2024 (4 months ago)

CVE-2024-54677
Description: Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.
Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
EPSS Score: 0.04%
December 18th, 2024 (4 months ago)

CVE-2024-54662
Description: Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf configurations involving socksmethod.
EPSS Score: 0.04%
December 18th, 2024 (4 months ago)

CVE-2024-53375
Description: An Authenticated Remote Code Execution (RCE) vulnerability affects the TP-Link Archer router series. A vulnerability exists in the "tmp_get_sites" function of the HomeShield functionality provided by TP-Link. This vulnerability is still exploitable without the activation of the HomeShield functionality.
EPSS Score: 0.04%
December 18th, 2024 (4 months ago)

CVE-2024-53144
Description: In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4
("Bluetooth: Always request for user confirmation for Just Works")
always request user confirmation with confirm_hint set since the
likes of bluetoothd have dedicated policy around JUST_WORKS method
(e.g. main.conf:JustWorksRepairing).
CVE: CVE-2024-8805
EPSS Score: 0.04%
December 18th, 2024 (4 months ago)

CVE-2024-53080
Description: In the Linux kernel, the following vulnerability has been resolved:
drm/panthor: Lock XArray when getting entries for the VM
Similar to commit cac075706f29 ("drm/panthor: Fix race when converting
group handle to group object") we need to use the XArray's internal
locking when retrieving a vm pointer from there.
v2: Removed part of the patch that was trying to protect fetching
the heap pointer from XArray, as that operation is protected by
the @pool->lock.
EPSS Score: 0.04%
December 18th, 2024 (4 months ago)

CVE-2024-51175
Description: An issue in H3C switch h3c-S1526 allows a remote attacker to obtain sensitive information via the S1526.cfg component.
EPSS Score: 0.04%
December 18th, 2024 (4 months ago)

CVE-2024-50379
Description: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.
Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.08, which fixes the issue.
EPSS Score: 0.04%
December 18th, 2024 (4 months ago)

CVE-2024-49194
Description: Databricks JDBC Driver before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could potentially exploit this vulnerability to achieve Remote Code Execution in the context of the driver by tricking a victim into using a crafted connection URL that uses the property krbJAASFile.
EPSS Score: 0.04%
December 18th, 2024 (4 months ago)