Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-46624 |
Description: An issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers to elevate their privileges to Administrator via a crafted payload sent to /api/users.
EPSS Score: 0.04%
December 4th, 2024 (6 months ago)
|
|
CVE-2024-45106 |
Description: Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other user. This is only possible if:
* ozone.s3g.secret.http.enabled is set to true. The default value of this configuration is false.
* The user configured in ozone.s3g.kerberos.principal is also configured in ozone.s3.administrators or ozone.administrators.
Users are recommended to upgrade to Apache Ozone version 1.4.1 which disables the affected endpoint.
EPSS Score: 0.04%
December 4th, 2024 (6 months ago)
|
|
CVE-2023-4886 |
Description: A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.
EPSS Score: 0.05%
December 4th, 2024 (6 months ago)
|
|
CVE-2023-46846 |
Description: SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
EPSS Score: 2.48%
December 4th, 2024 (6 months ago)
|
|
CVE-2023-4527 |
Description: A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
EPSS Score: 0.15%
December 4th, 2024 (6 months ago)
|
|
CVE-2023-43787 |
Description: A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
EPSS Score: 0.04%
December 4th, 2024 (6 months ago)
|
|
CVE-2023-39418 |
Description: A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
EPSS Score: 0.5%
December 4th, 2024 (6 months ago)
|
|
CVE-2023-3750 |
Description: A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon.
EPSS Score: 0.07%
December 4th, 2024 (6 months ago)
|
|
CVE-2023-3106 |
Description: A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely.
EPSS Score: 0.04%
December 4th, 2024 (6 months ago)
|
|
CVE-2023-3019 |
Description: A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.
EPSS Score: 0.05%
December 4th, 2024 (6 months ago)
|