CVE-2024-57257 |
Description: A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.
EPSS Score: 0.02%
February 19th, 2025 (5 months ago)
|
CVE-2024-57256 |
Description: An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
CVSS: HIGH (7.1) EPSS Score: 0.03%
February 19th, 2025 (5 months ago)
|
CVE-2024-57255 |
Description: An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
CVSS: HIGH (7.1) EPSS Score: 0.03%
February 19th, 2025 (5 months ago)
|
CVE-2024-57254 |
Description: An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.
CVSS: HIGH (7.1) EPSS Score: 0.03%
February 19th, 2025 (5 months ago)
|
CVE-2024-57056 |
Description: Incorrect cookie session handling in WombatDialer before 25.02 results in the full session identity being written to system logs and could be used by a malicious attacker to impersonate an existing user session.
EPSS Score: 0.03%
February 19th, 2025 (5 months ago)
|
CVE-2024-57055 |
Description: Server-Side Access Control Bypass vulnerability in WombatDialer before 25.02 could allow unauthorized users to potentially call certain services without the necessary access level. This issue is limited to services used by the client (not the general-use JSON services) and requires reverse engineering of the proprietary serialization protocol, making it difficult to exploit.
EPSS Score: 0.03%
February 19th, 2025 (5 months ago)
|
CVE-2024-57049 |
Description: A vulnerability in the TP-Link Archer C20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When Referer: http://tplinkwifi.net is added to the request, the request is recognized as passing the authentication.
EPSS Score: 0.08%
February 19th, 2025 (5 months ago)
|
CVE-2024-57046 |
Description: A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When "?x=1.gif" is added to the requested URL, the request is recognized as passing the authentication.
EPSS Score: 26.52%
February 19th, 2025 (5 months ago)
|
CVE-2024-57045 |
Description: A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name and password by forging a POST request to the /getcfg.php page.
EPSS Score: 30.06%
February 19th, 2025 (5 months ago)
|
CVE-2024-56883 |
Description: Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. The implemented role-based access controls are not always enforced on the server side. Low-privileged Sage users with employee role privileges can create external courses for other employees, even though they do not have the option to do so in the user interface. To do this, a valid request to create a course simply needs to be modified, so that the current user ID in the "id" parameter is replaced with the ID of another user.
EPSS Score: 0.4%
February 19th, 2025 (5 months ago)
|