CVE-2024-21105 |
Description: Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).
CVSS: LOW (2.0) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
CVE-2024-20397 |
Description: A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification.
This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.
CVSS: MEDIUM (5.2) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
CVE-2024-1764 |
Description: Improper privilege management in Just-in-time (JIT) elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
CVE-2024-1674 |
Description: Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVSS: LOW (0.0) EPSS Score: 0.08%
December 5th, 2024 (5 months ago)
|
CVE-2024-12196 |
Description: Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
CVE-2024-12186 |
Description: A vulnerability was found in code-projects Hotel Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file hotelnew.c of the component Available Room Handler. The manipulation of the argument admin_entry leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (4.8) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
CVE-2024-12185 |
Description: A vulnerability has been found in code-projects Hotel Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Administrator Login Password Handler. The manipulation of the argument Str2 leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (4.8) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
CVE-2024-12183 |
Description: A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (5.3) EPSS Score: 0.07%
December 5th, 2024 (5 months ago)
|
CVE-2024-12182 |
Description: A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.116. Affected by this issue is some unknown functionality of the file /member/soft_add.php. The manipulation of the argument body leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (5.3) EPSS Score: 0.07%
December 5th, 2024 (5 months ago)
|
CVE-2024-12181 |
Description: A vulnerability classified as problematic was found in DedeCMS 5.7.116. Affected by this vulnerability is an unknown functionality of the file /member/uploads_add.php of the component SWF File Handler. The manipulation of the argument mediatype leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (5.3) EPSS Score: 0.07%
December 5th, 2024 (5 months ago)
|