CVE-2024-52616 |
Description: A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.
EPSS Score: 0.05%
January 7th, 2025 (6 months ago)
|
CVE-2024-52615 |
Description: A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
EPSS Score: 0.05%
January 7th, 2025 (6 months ago)
|
CVE-2024-52269 |
Description: User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing.
The SaaS AI assistant ignores hidden content that is rendered after signing, misleading the user.
For reference see: CVE-2024-52276
This issue affects DocuSign: through 2024-12-04.
CVSS: HIGH (8.2) EPSS Score: 0.04%
January 7th, 2025 (6 months ago)
|
CVE-2024-51741 |
Description: Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2.
CVSS: MEDIUM (4.4) EPSS Score: 0.04%
January 7th, 2025 (6 months ago)
|
CVE-2024-51472 |
Description: IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
CVSS: LOW (3.1) EPSS Score: 0.05%
January 7th, 2025 (6 months ago)
|
CVE-2024-51162 |
Description: An issue in Audimex EE versions 15.1.20 and earlier allowing a remote attacker to escalate privileges. Analyzing the offline client code, it was identified that it is possible for any user (with any privilege) of Audimex to dump the whole Audimex database. This gives visibility upon password hashes of any user, ongoing audit data and more.
EPSS Score: 0.05%
January 7th, 2025 (6 months ago)
|
CVE-2024-51111 |
Description: Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser.
EPSS Score: 0.04%
January 7th, 2025 (6 months ago)
|
CVE-2024-51074 |
Description: Incorrect access control in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to arbitrarily change odometer readings in the vehicle by targeting the instrument cluster through the unsecured CAN network. NOTE: this is disputed by the supplier because the CAN bus is not externally exposed, and because the packets can only increase the odometer reading (which has no value to an adversary).
EPSS Score: 0.04%
January 7th, 2025 (6 months ago)
|
CVE-2024-49087 |
Description: Windows Mobile Broadband Driver Information Disclosure Vulnerability
CVSS: MEDIUM (4.6) EPSS Score: 0.05%
January 7th, 2025 (6 months ago)
|
CVE-2024-49086 |
Description: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS: HIGH (8.8) EPSS Score: 0.05%
January 7th, 2025 (6 months ago)
|