Threat and Vulnerability Intelligence Database

CVE-2024-24790

Description: The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.

EPSS Score: 0.06%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-24788

Description: A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-24787

Description: On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-24786

Description: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

EPSS Score: 0.05%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-24785

Description: If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-24784

Description: The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-24783

Description: Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-24779

Description: Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.

CVSS: MEDIUM (5.0)

EPSS Score: 0.11%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-24773

Description: Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue.

CVSS: MEDIUM (4.9)

EPSS Score: 0.11%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-24758

Description: Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS: LOW (3.9)

EPSS Score: 0.09%

Source: CVE
February 14th, 2025 (5 months ago)