Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-23559 |
Description: HCL DevOps Deploy / Launch is generating an obsolete HTTP header.
CVSS: MEDIUM (6.1) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-23290 |
Description: A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access user-sensitive data.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-23254 |
Description: The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.
CVSS: LOW (0.0) EPSS Score: 0.1%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-23249 |
Description: The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-22910 |
Description: Cross Site Scripting (XSS) vulnerability in CrushFTP v.10.6.0 and v.10.5.5 allows an attacker to execute arbitrary code via a crafted payload.
CVSS: LOW (0.0)
December 5th, 2024 (5 months ago)
|
|
CVE-2024-22780 |
Description: Cross Site Scripting vulnerability in CA17 TeamsACS v.1.0.1 allows a remote attacker to execute arbitrary code via a crafted script to the errmsg parameter.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-22116 |
Description: An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.
CVSS: CRITICAL (9.9) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-21723 |
Description: Inadequate parsing of URLs could result into an open redirect.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-21105 |
Description: Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).
CVSS: LOW (2.0) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-20397 |
Description: A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification.
This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.
CVSS: MEDIUM (5.2) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|