Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-20653 |
Description: Microsoft Common Log File System Elevation of Privilege Vulnerability
CVSS: HIGH (7.8) EPSS Score: 0.05%
January 1st, 2025 (5 months ago)
|
|
CVE-2024-20652 |
Description: Windows HTML Platforms Security Feature Bypass Vulnerability
CVSS: HIGH (8.1) EPSS Score: 0.05%
January 1st, 2025 (5 months ago)
|
|
CVE-2024-0057 |
Description: NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
CVSS: CRITICAL (9.1) EPSS Score: 0.15%
January 1st, 2025 (5 months ago)
|
|
CVE-2024-0056 |
Description: Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
CVSS: HIGH (8.7) EPSS Score: 0.05%
January 1st, 2025 (5 months ago)
|
|
Description: Cybersecurity researchers have uncovered three security weaknesses in Microsoft's Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment.
"Exploiting these flaws could allow attackers to gain persistent access as shadow administrators
December 31st, 2024 (5 months ago)
|
|
|
Description: Microsoft is forcing .NET developers to quickly update their apps and developer pipelines so they do not use 'azureedge.net' domains to install .NET components, as the domain will soon be unavailable due to the bankruptcy and imminent shutdown of CDN provider Edgio. [...]
December 30th, 2024 (5 months ago)
|
|
CVE-2024-53224 |
Description: In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Move events notifier registration to be after device registration
Move pkey change work initialization and cleanup from device resources
stage to notifier stage, since this is the stage which handles this work
events.
Fix a race between the device deregistration and pkey change work by moving
MLX5_IB_STAGE_DEVICE_NOTIFIER to be after MLX5_IB_STAGE_IB_REG in order to
ensure that the notifier is deregistered before the device during cleanup.
Which ensures there are no works that are being executed after the
device has already unregistered which can cause the panic below.
BUG: kernel NULL pointer dereference, address: 0000000000000000
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 1 PID: 630071 Comm: kworker/1:2 Kdump: loaded Tainted: G W OE --------- --- 5.14.0-162.6.1.el9_1.x86_64 #1
Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090008 02/27/2023
Workqueue: events pkey_change_handler [mlx5_ib]
RIP: 0010:setup_qp+0x38/0x1f0 [mlx5_ib]
Code: ee 41 54 45 31 e4 55 89 f5 53 48 89 fb 48 83 ec 20 8b 77 08 65 48 8b 04 25 28 00 00 00 48 89 44 24 18 48 8b 07 48 8d 4c 24 16 <4c> 8b 38 49 8b 87 80 0b 00 00 4c 89 ff 48 8b 80 08 05 00 00 8b 40
RSP: 0018:ffffbcc54068be20 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff954054494128 RCX: ffffbcc54068be36
RDX: ffff954004934000 RSI: 0000000000000001 RDI: ffff954054494128
RBP: 0000000000000023 R08: ffff954001be2c20 R09: 000000000000...
EPSS Score: 0.04%
December 28th, 2024 (5 months ago)
|
|
CVE-2024-43615 |
Description: Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 28th, 2024 (5 months ago)
|
|
CVE-2024-43614 |
Description: Microsoft Defender for Endpoint for Linux Spoofing Vulnerability
CVSS: MEDIUM (5.5) EPSS Score: 0.05%
December 28th, 2024 (5 months ago)
|
|
CVE-2024-43612 |
Description: Power BI Report Server Spoofing Vulnerability
CVSS: MEDIUM (6.9) EPSS Score: 0.07%
December 28th, 2024 (5 months ago)
|