CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-38417	Buffer Over-read in Automotive Multimedia Description: Information disclosure while processing IO control commands. CVSS: MEDIUM (6.1) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2024-38416	Buffer Over-read in Audio Description: Information disclosure during audio playback. CVSS: MEDIUM (6.1) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2024-38414	Buffer Over-read in Computer Vision Description: Information disclosure while processing information on firmware image during core initialization. CVSS: MEDIUM (6.1) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2024-38413	Improper Input Validation in Computer Vision Description: Memory corruption while processing frame packets. CVSS: MEDIUM (6.6) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2024-38412	Use After Free in Computer Vision Description: Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors. CVSS: MEDIUM (6.6) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2024-38411	Use After Free in Computer Vision Description: Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls. CVSS: MEDIUM (6.6) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2024-38404	Buffer Over-read in Multi Mode Call Processor Description: Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem. CVSS: HIGH (7.5) EPSS Score: 0.05% Source: CVE February 4th, 2025 (5 months ago)
CVE-2024-36437	The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no... Description: The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component. EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2024-35177	Improper Access Control in wazuh-agent Description: Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The wazuh-agent for Windows is vulnerable to a Local Privilege Escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by placing one of the many DLL that are loaded and not present on the system in the installation folder of the agent OR by replacing the service executable binary itself with a malicious one. The root cause is an improper ACL applied on the installation folder when a non-default installation path is specified (e.g,: C:\wazuh). Many DLLs are loaded from the installation folder and by creating a malicious DLLs that exports the functions of a legit one (and that is not found on the system where the agent is installed, such as rsync.dll) it is possible to escalate privileges from a low-privileged user and obtain code execution under the context of NT AUTHORITY\SYSTEM. This issue has been addressed in version 4.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. CVSS: HIGH (7.8) EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)
CVE-2024-34897	Nedis SmartLife android app v1.4.0 was discovered to contain an API key disclosure vulnerability. Description: Nedis SmartLife android app v1.4.0 was discovered to contain an API key disclosure vulnerability. EPSS Score: 0.04% Source: CVE February 4th, 2025 (5 months ago)