Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-48995
SQL Server Native Client Remote Code Execution Vulnerability
Description: SQL Server Native Client Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.15%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-48994
SQL Server Native Client Remote Code Execution Vulnerability
Description: SQL Server Native Client Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.15%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-48993
SQL Server Native Client Remote Code Execution Vulnerability
Description: SQL Server Native Client Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.15%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-48991
Description: Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python interpreter). The initial security fix (6ce6136) introduced a regression which was subsequently resolved (42af5d3).

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-48986
Description: An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. Certain events cause a callback, the logic for which allocates a buffer (the length of which is determined by looking up the event type in a table). The subsequent write operation, however, copies the amount of data specified in the packet header, which may lead to a buffer overflow. This bug is trivial to exploit for a denial of service but is not certain to suffice to bring the system down and can generally not be exploited further because the exploitable buffer is dynamically allocated.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-48861
QHora
Description: An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local network attackers to execute commands. We have already fixed the vulnerability in the following versions: QuRouter 2.4.4.106 and later

CVSS: HIGH (7.3)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-48747
Description: An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file.

CVSS: MEDIUM (6.8)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-48288
Description: TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend.

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-47854
Description: An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user.

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-4766
Description: Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (5 months ago)