Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-47249 |
Description: Improper Validation of Array Index vulnerability in Apache NimBLE.
Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.
This issue requires broken or bogus Bluetooth controller and thus severity is considered low.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-47248 |
Description: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE.
Specially crafted MESH message could result in memory corruption when non-default build configuration is used.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-47138 |
Description: The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-45877 |
Description: baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Access Control in the User Management function in /Apps/TOPqw/BenutzerManagement.aspx. This allows a low privileged user to access all modules in the web portal, view and manipulate information and permissions of other users, lock other user or unlock the own account, change the password of other users, create new users or delete existing users and view, manipulate and delete reference data.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-45755 |
Description: An issue was discovered in Centreon centreon-dsm-server 24.10.x before 24.10.0, 24.04.x before 24.04.3, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can occur in the form to configure Centreon DSM slots. Exploitation is only accessible to authenticated users with high-privileged access.
CVSS: HIGH (7.2) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-45369 |
Description: The web application uses a weak authentication mechanism to verify that a request is coming from an authenticated and authorized resource.
CVSS: HIGH (8.1) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-43784 |
Description: lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit all of the previous user's credentials. This issue has been addressed in release version 1.33.0 and all users are advised to upgrade. The only known workaround for those who cannot upgrade is to not reuse usernames.
CVSS: MEDIUM (5.7) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-43689 |
|
|
CVE-2024-43646 |
Description: Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVSS: MEDIUM (6.7) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-43645 |
Description: Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability
CVSS: MEDIUM (6.7) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|