Threat and Vulnerability Intelligence Database


CVE-2023-41175

Description: A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted TIFF image, which triggers a heap-based buffer overflow.

EPSS Score: 0.14%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-40660

Description: A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length PIN is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.

EPSS Score: 0.07%

Source: CVE
December 5th, 2024 (5 months ago)
Description: Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. NOTE: in several similar products, this is the intentional behavior for anyone who knows the full document ID and corresponding URL. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-51210
https://firebase.blog/posts/2013/04/announcing-firepad-our-open-source
https://github.com/FirebaseExtended/firepad/releases/tag/v1.5.11
https://medium.com/@adityaahuja.work/accessing-full-history-of-firepad-users-ddc889e73936
https://github.com/advisories/GHSA-4fh7-m2wx-6wfm
Source: Github Advisory Database (NPM)
December 4th, 2024 (5 months ago)
Description: A vulnerability in VMware Tanzu Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns being queried. Related to CVE-2024-38820 (https://spring.io/security/cve-2024-38820).

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-38829
https://spring.io/security/cve-2024-38829
https://github.com/advisories/GHSA-mqvr-2rp8-j7h4
Source: Github Advisory Database (Maven)
December 4th, 2024 (5 months ago)
Description: Chinese state hackers, known as Salt Typhoon, have breached telecommunications companies in dozens of countries, President Biden's deputy national security adviser Anne Neuberger said today. [...]
Source: BleepingComputer
December 4th, 2024 (5 months ago)
Description: Individuals concerned about the privacy of their communications should consider using encrypted messaging apps and encrypted voice communications, CISA and FBI officials say.
Source: Dark Reading
December 4th, 2024 (5 months ago)
Description: The vulnerability affects certain versions of the Veeam Service Provider Console that can only be fixed by updating with the latest patch.
Source: Dark Reading
December 4th, 2024 (5 months ago)
Description: The FBI warns that scammers are increasingly using artificial intelligence to improve the quality and effectiveness of their online fraud schemes, ranging from romance and investment scams to job hiring schemes. [...]
Source: BleepingComputer
December 4th, 2024 (5 months ago)
Description: A law enforcement operation led by the United Kingdom's National Crime Agency (NCA) has disrupted two Russian money laundering networks working with criminals worldwide, including ransomware gangs. [...]
Source: BleepingComputer
December 4th, 2024 (5 months ago)
Description: The notorious spyware from Israel's NSO Group has been found targeting journalists, government officials, and corporate executives in multiple variants discovered in a threat scan of 3,500 mobile phones.
Source: Dark Reading
December 4th, 2024 (5 months ago)