Threat and Vulnerability Intelligence Database

CVE-2024-37860

Description: Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2 navigation2- ROS2-humble and navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_amcl process.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2024-35342

Description: Certain Anpviz products allow unauthenticated users to modify or disable camera related settings such as microphone volume, speaker volume, LED lighting, NTP, motion detection, etc. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800N_N2, YMF50B, YM800SV2, YM500L8, and YM200E10 firmware v3.2.2.2 and lower and possibly more vendors/models of IP camera.

CVSS: LOW (0.0)

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2024-31408

Description: OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially crafted request.

CVSS: HIGH (8.0)

EPSS Score: 0.05%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2024-30964

Description: Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the initial_pose_sub thread created by nav2_bt_navigator

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2024-30963

Description: Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via a crafted script.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2024-30962

Description: Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2_amcl process

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2024-30961

Description: Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2024-30377

Description: G DATA Total Security Scan Server Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA AntiVirus Scan Server. By creating a symbolic link, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23381.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2024-30376

Description: Famatech Advanced IP Scanner Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Famatech Advanced IP Scanner. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the application's use of Qt. The application loads Qt plugins from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of an administrator. Was ZDI-CAN-20768.

CVSS: HIGH (7.3)

EPSS Score: 0.05%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2024-30160

Description: A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 6th, 2024 (5 months ago)