Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-45494 |
Description: An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected firmware versions.
EPSS Score: 0.04%
December 18th, 2024 (4 months ago)
|
|
CVE-2024-45493 |
Description: An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has internal users, whose access is supposed to be restricted to login locally on the device. However, an attacker can bypass the check for this, which might allow them to authenticate with an internal user account from the network (if they know their password).
EPSS Score: 0.04%
December 18th, 2024 (4 months ago)
|
|
CVE-2024-37607 |
Description: A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20 allows remote attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
EPSS Score: 0.05%
December 18th, 2024 (4 months ago)
|
|
CVE-2024-37606 |
Description: A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
EPSS Score: 0.05%
December 18th, 2024 (4 months ago)
|
|
CVE-2024-37605 |
Description: A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
EPSS Score: 0.05%
December 18th, 2024 (4 months ago)
|
|
CVE-2024-36832 |
Description: A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allows attackers to cause a Denial of Service (DoS) via a crafted web request without authentication. The vulnerability occurs in the /bin/webs binary of the firmware. When /bin/webs receives a carefully constructed HTTP request, it will crash and exit due to a null pointer reference, leading to a denial of service attack to the device.
EPSS Score: 0.05%
December 18th, 2024 (4 months ago)
|
|
CVE-2024-36831 |
Description: A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication.
EPSS Score: 0.05%
December 18th, 2024 (4 months ago)
|
|
CVE-2024-31668 |
Description: rizin before v0.6.3 is vulnerable to Improper Neutralization of Special Elements via meta_set function in librz/analysis/meta.
EPSS Score: 0.04%
December 18th, 2024 (4 months ago)
|
|
CVE-2024-29646 |
Description: Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields.
EPSS Score: 0.04%
December 18th, 2024 (4 months ago)
|
|
CVE-2024-10973 |
Description: A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information.
EPSS Score: 0.04%
December 18th, 2024 (4 months ago)
|