CVE-2024-49502 |
Description: An Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click.
This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1.
CVSS: MEDIUM (4.6) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
CVE-2024-46939 |
Description: The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite specific local files.
CVSS: LOW (2.4) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
CVE-2024-38658 |
Description: There is an Out-of-bounds read vulnerability in V-Server (v4.0.19.0 and earlier) and V-Server Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.
EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
CVE-2024-38389 |
Description: There is an Out-of-bounds read vulnerability in TELLUS (v4.0.19.0 and earlier) and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.
EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
CVE-2024-38309 |
Description: There are multiple stack-based buffer overflow vulnerabilities in V-SFT (v6.2.2.0 and earlier), TELLUS (v4.0.19.0 and earlier), and TELLUS Lite (v4.0.19.0 and earlier).
If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.
EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
CVE-2024-36466 |
Description: A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.
CVSS: HIGH (8.8) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
CVE-2024-31082 |
Description: A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
EPSS Score: 0.05%
November 29th, 2024 (5 months ago)
|
CVE-2024-22038 |
Description: Various problems in obs-scm-bridge allow attackers who create specially crafted git repositories to leak information or cause denial of service.
CVSS: HIGH (7.3) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
CVE-2024-22037 |
Description: The uyuni-server-attestation systemd service needs a database_password environment variable. This file has 640 permissions and cannot be shown to users, but the environment is still exposed by systemd to non-privileged users.
CVSS: MEDIUM (5.5) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
CVE-2024-2199 |
Description: A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.
EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|