Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-47939 |
Description: Stack-based buffer overflow vulnerability exists in multiple Ricoh laser printers and MFPs which implement Web Image Monitor. If this vulnerability is exploited, receiving a specially crafted request created and sent by an attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition. As for the details of affected product names and versions, refer to the information provided by the vendor under [References].
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
December 6th, 2024 (5 months ago)
|
|
CVE-2024-47133 |
Description: UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands.
CVSS: HIGH (7.2) EPSS Score: 0.04%
December 6th, 2024 (5 months ago)
|
|
CVE-2024-45841 |
Description: Incorrect permission assignment for critical resource issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. If an attacker with the guest account of the affected products accesses a specific file, the information containing credentials may be obtained.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 6th, 2024 (5 months ago)
|
|
CVE-2024-45319 |
Description: A vulnerability in the SonicWall SMA100 SSLVPN
firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 6th, 2024 (5 months ago)
|
|
CVE-2024-45318 |
Description: A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 6th, 2024 (5 months ago)
|
|
CVE-2024-44155 |
Description: A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 6th, 2024 (5 months ago)
|
|
CVE-2024-42455 |
Description: A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The vulnerability is caused by an insufficient blacklist during the deserialization process.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 6th, 2024 (5 months ago)
|
|
CVE-2024-42449 |
Description: From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 6th, 2024 (5 months ago)
|
|
CVE-2024-42195 |
Description: HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
CVSS: LOW (3.1) EPSS Score: 0.04%
December 6th, 2024 (5 months ago)
|
|
CVE-2024-41624 |
Description: Incorrect access control in Himalaya Xiaoya nano smart speaker rom_version 1.6.96 allows a remote attacker to have an unspecified impact.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 6th, 2024 (5 months ago)
|