Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-4527	Glibc: stack read overflow in getaddrinfo in no-aaaa mode Description: A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. EPSS Score: 0.15% Source: CVE December 4th, 2024 (5 months ago)
CVE-2023-43787	Libx11: integer overflow in xcreateimage() leading to a heap overflow Description: A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges. EPSS Score: 0.04% Source: CVE December 4th, 2024 (5 months ago)
CVE-2023-39418	Postgresql: merge fails to enforce update or select row security policies Description: A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows. EPSS Score: 0.5% Source: CVE December 4th, 2024 (5 months ago)
CVE-2023-3750	Libvirt: improper locking in virstoragepoolobjlistsearch may lead to denial of service Description: A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon. EPSS Score: 0.07% Source: CVE December 4th, 2024 (5 months ago)
CVE-2023-3106	Kernel: netlink socket crash (null pointer deref) in netlink_dump function Description: A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely. EPSS Score: 0.04% Source: CVE December 4th, 2024 (5 months ago)
CVE-2023-3019	Qemu: e1000e: heap use-after-free in e1000e_write_packet_to_guest() Description: A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. EPSS Score: 0.05% Source: CVE December 4th, 2024 (5 months ago)
CVE-2023-25584	Out of bounds read in parse_module function in bfd/vms-alpha.c Description: An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils. EPSS Score: 0.06% Source: CVE December 4th, 2024 (5 months ago)
	Misconfigured WAFs Heighten DoS, Breach Risks Description: Organizations that rely on their content delivery network provider for Web application firewall services may be inadvertently leaving themselves open to attack. Source: Dark Reading December 3rd, 2024 (5 months ago)
	Vodka maker Stoli files for bankruptcy in US after ransomware attack Description: Stoli Group's U.S. companies have filed for bankruptcy following an August ransomware attack and Russian authorities seizing the company's remaining distilleries in the country. [...] Source: BleepingComputer December 3rd, 2024 (5 months ago)
	Cloudflare’s developer domains increasingly abused by threat actors Description: Cloudflare's 'pages.dev' and 'workers.dev' domains, used for deploying web pages and facilitating serverless computing, are being increasingly abused by cybercriminals for phishing and other malicious activities. [...] Source: BleepingComputer December 3rd, 2024 (5 months ago)