CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2024-43764

Description: In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to partially bypass lock screen. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

EPSS Score: 0.04%

Source: CVE
January 4th, 2025 (6 months ago)

CVE-2024-43762

Description: In multiple locations, there is a possible way to avoid unbinding of a service from the system due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

EPSS Score: 0.04%

Source: CVE
January 4th, 2025 (6 months ago)

CVE-2024-43097

Description: In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

EPSS Score: 0.04%

Source: CVE
January 4th, 2025 (6 months ago)

CVE-2024-43077

Description: In DevmemValidateFlags of devicemem_server.c , there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

EPSS Score: 0.04%

Source: CVE
January 4th, 2025 (6 months ago)

CVE-2024-36613

Description: FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.

EPSS Score: 0.05%

Source: CVE
January 4th, 2025 (6 months ago)

CVE-2024-35365

Description: FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function.

EPSS Score: 0.05%

Source: CVE
January 4th, 2025 (6 months ago)

CVE-2024-11624

Description: there is a possible to add apps to bypass VPN due to Undeclared Permission . This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

EPSS Score: 0.04%

Source: CVE
January 4th, 2025 (6 months ago)
Description: Tenable says customers must manually upgrade their software to revive Nessus vulnerability scanner agents taken offline on December 31st due to buggy differential plugin updates. [...]
Source: BleepingComputer
January 3rd, 2025 (6 months ago)
Description: Weeks after the critical vulnerability was reported and a hacking of the Treasury Department, nearly 9,000 BeyondTrust instances remain wide open to the Internet, researchers say.
Source: Dark Reading
January 3rd, 2025 (6 months ago)
Description: Impact A Denial of Service (DoS) attack allows attackers to construct requests that leaves requests to Server Actions hanging until the hosting provider cancels the function execution. Note: Next.js server is idle during that time and only keeps the connection open. CPU and memory footprint are low during that time. Deployments without any protection against long running Server Action invocations are especially vulnerable. Hosting providers like Vercel or Netlify set a default maximum duration on function execution to reduce the risk of excessive billing. This is the same issue as if the incoming HTTP request has an invalid Content-Length header or never closes. If the host has no other mitigations to those then this vulnerability is novel. This vulnerability affects only Next.js deployments using Server Actions. Patches This vulnerability was resolved in Next.js 14.2.21, 15.1.2, and 13.5.8. We recommend that users upgrade to a safe version. Workarounds There are no official workarounds for this vulnerability. Credits Thanks to the PackDraw team for responsibly disclosing this vulnerability. References https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9 https://github.com/advisories/GHSA-7m27-7ghc-44w9
Source: Github Advisory Database (NPM)
January 3rd, 2025 (6 months ago)