Threat and Vulnerability Intelligence Database

CVE-2024-38389

Description: There is an Out-of-bounds read vulnerability in TELLUS (v4.0.19.0 and earlier) and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-38309

Description: There are multiple stack-based buffer overflow vulnerabilities in V-SFT (v6.2.2.0 and earlier), TELLUS (v4.0.19.0 and earlier), and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-36466

Description: A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-31082

Description: A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

EPSS Score: 0.05%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-22038

Description: Various problems in obs-scm-bridge allow attackers who create specially crafted git repositories to leak information or cause denial of service.

CVSS: HIGH (7.3)

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-22037

Description: The uyuni-server-attestation systemd service needs a database_password environment variable. This file has 640 permissions and cannot be shown to users, but the environment is still exposed by systemd to non-privileged users.

CVSS: MEDIUM (5.5)

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-2199

Description: A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-11970

Description: A vulnerability classified as critical has been found in code-projects Concert Ticket Ordering System 1.0. Affected is an unknown function of the file /tour(cor).php. The manipulation of the argument mai leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (6.9)

EPSS Score: 0.06%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-11969

Description: The NetCloud Exchange client for Windows, version 1.110.50, contains an insecure file and folder permissions vulnerability. A normal (non-admin) user could exploit the weakness in file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. It has been identified that full control permissions exist on the ‘Everyone’ group (i.e. any user who has local access to the operating system regardless of their privileges).

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-11968

Description: A vulnerability was found in code-projects Farmacia up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file pagamento.php. The manipulation of the argument notaFiscal leads to SQL injection. The attack can be launched remotely.

CVSS: MEDIUM (5.3)

EPSS Score: 0.06%

Source: CVE
November 29th, 2024 (5 months ago)