Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-29292	Description: Multiple OS Command Injection vulnerabilities affecting Kasda LinkSmart Router KW6512 <= v1.3 enable an authenticated remote attacker to execute arbitrary OS commands via various cgi parameters. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-21703	Description: This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitive information about the Confluence Data Center configuration which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release greater than or equal to 7.19.18 * Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.5 * Confluence Data Center and Server 8.7: Upgrade to a release greater than or equal to 8.7.2 * Confluence Data Center and Server 8.8: Upgrade to a release greater than or equal to 8.8.0 See the release notes (https://confluence.atlassian.com/conf88/confluence-release-notes-1354501008.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ). This vulnerability was reported via our Atlassian Bug Bounty Program by Chris Elliot. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-10492	Keycloak-quarkus-server: keycloak path trasversal Description: A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource creation, for example, an LDAP provider configuration and set up a Vault read file, which will only inform whether that file exists or not. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-10451	Org.keycloak:keycloak-quarkus-server: sensitive data exposure in keycloak build process Description: A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in environment variables during the build process is also stored as a default values, making it accessible during runtime. Indirect usage of environment variables for SPI options and Quarkus properties is also vulnerable due to unconditional expansion by PropertyMapper logic, capturing sensitive data as default values in all Keycloak versions up to 26.0.2. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-10270	Org.keycloak:keycloak-services: keycloak denial of service Description: A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity. EPSS Score: 0.09% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-0232	Sqlite: use-after-free bug in jsonparseaddnodearray Description: A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-0217	Packagekitd: use-after-free in idle function callback Description: A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost. EPSS Score: 0.08% Source: CVE November 28th, 2024 (5 months ago)
CVE-2023-47038	Perl: write past buffer end via illegal user-defined unicode property Description: A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
	Microsoft re-releases Exchange updates after fixing mail delivery Description: Microsoft has re-released the November 2024 security updates for Exchange Server after pulling them earlier this month due to email delivery issues on servers using custom mail flow rules. [...] Source: BleepingComputer November 27th, 2024 (5 months ago)
	Hackers abuse popular Godot game engine to infect thousands of PCs Description: Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engine to evade detection and infect over 17,000 systems in just three months. [...] Source: BleepingComputer November 27th, 2024 (5 months ago)