CVE-2024-50089 |
Description: In the Linux kernel, the following vulnerability has been resolved:
unicode: Don't special case ignorable code points
We don't need to handle them separately. Instead, just let them
decompose/casefold to themselves.
EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
CVE-2024-47554 |
Description: Uncontrolled Resource Consumption vulnerability in Apache Commons IO.
The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.
This issue affects Apache Commons IO: from 2.0 before 2.14.0.
Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
CVE-2024-43080 |
Description: In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
CVE-2024-40661 |
Description: In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
CVE-2024-3656 |
Description: A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.
EPSS Score: 0.09%
December 5th, 2024 (5 months ago)
|
CVE-2024-34719 |
Description: In multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
CVE-2024-27140 |
Description: ** UNSUPPORTED WHEN ASSIGNED **
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva.
This issue affects Apache Archiva: from 2.0.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. Alternatively, you could configure an HTTP proxy in front of your Archiva instance to only forward requests that do not have malicious characters in the URL.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
CVE-2024-11079 |
Description: A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.
EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
CVE-2024-1062 |
Description: A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.
EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
CVE-2023-6267 |
Description: A flaw was found in the JSON payload. If annotation-based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration-based security.
EPSS Score: 0.12%
December 5th, 2024 (5 months ago)
|