Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-6871 |
Description: G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the handling of autostart tasks. The issue results from incorrect permissions set on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22629.
CVSS: HIGH (7.0) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-6831 |
Description: Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program has found that it is possible to edit and/or remove views without the necessary permission due to a client-side-only check.
Axis has released patched versions for the highlighted flaw. Please
refer to the Axis security advisory for more information and solution.
CVSS: MEDIUM (4.4) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-6749 |
Description: Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident report feature may expose sensitive credentials on the AXIS Camera Station windows client. If Incident report is not being used with credentials configured this flaw does not apply.
Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
CVSS: MEDIUM (6.3) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-6640 |
Description: In ICMPv6 Neighbor Discovery (ND), the ID is always 0. When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation (NS) can trigger an Echo Reply. The packet has to come from the same host as the NS and have a zero as identifier to match the state created by the Neighbor Discovery and allow replies to be generated.
ICMPv6 packets with identifier value of zero bypass firewall rules written on the assumption that the incoming packets are going to create a state in the state table.
CVSS: LOW (0.0) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-6606 |
|
|
CVE-2024-6602 |
|
|
CVE-2024-6476 |
Description: Gee-netics, member of the AXIS Camera Station Pro Bug Bounty Program has found that it is possible for a non-admin user to gain system privileges by redirecting a file deletion upon service restart.
Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
CVSS: MEDIUM (4.2) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-5960 |
Description: Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials.This issue affects Panel: before v2.3.24.
CVSS: LOW (0.0) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-5722 |
Description: Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the HTTP API. The issue results from using a hard-coded cryptographic key. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24170.
CVSS: HIGH (8.8) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-5721 |
Description: Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the cluster HTTP API, which listens on TCP port 1924 when enabled. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24169.
CVSS: HIGH (8.1) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|