Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-54679 |
Description: CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
December 6th, 2024 (6 months ago)
|
|
CVE-2024-54140 |
Description: sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify(). Currently checkpoints are only used to ensure the root hash of an inclusion proof was provided by the log in question. Failing to validate that means a bundle may provide an inclusion proof that doesn't actually correspond to the log in question. This may eventually lead a monitor/witness being unable to detect when a compromised logs are providing different views of themselves to different clients. There are other mechanisms right now that mitigate this, such as the signed entry timestamp. Sigstore-java currently requires a valid signed entry timestamp. By correctly verifying the signed entry timestamp we can make certain assertions about the log signing the log entry (like the log was aware of the artifact signing event and signed it). Therefore the impact on clients that are not monitors/witnesses is very low. This vulnerability is fixed in 1.2.0.
CVSS: LOW (2.1) EPSS Score: 0.05%
December 6th, 2024 (6 months ago)
|
|
CVE-2024-54130 |
Description: The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A segmentation fault occurs with ION-DTN BPv7 software version 4.1.3 when a bundle with a Destination Endpoint ID (EID) set to dtn:none is received. This causes the node to become unresponsive to incoming bundles, leading to a Denial of Service (DoS) condition. This vulnerability is fixed in 4.1.3s.
CVSS: CRITICAL (9.2) EPSS Score: 0.04%
December 6th, 2024 (6 months ago)
|
|
CVE-2024-54129 |
Description: The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A vulnerability exists in the version ION-DTN BPv7 implementation version 4.1.3 when receiving a bundle with an improper reference to the imc scheme with valid Service-Specific Part (SSP) in their Previous Node Block. The vulnerability can cause ION to become unresponsive. This vulnerability is fixed in 4.1.3s.
CVSS: CRITICAL (9.2) EPSS Score: 0.04%
December 6th, 2024 (6 months ago)
|
|
CVE-2024-54128 |
Description: Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application vulnerable to HTML Injection. This vulerability is fixed in 10.13.4 and 11.2.0.
CVSS: MEDIUM (5.7) EPSS Score: 0.04%
December 6th, 2024 (6 months ago)
|
|
CVE-2024-54127 |
Description: This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 6th, 2024 (6 months ago)
|
|
CVE-2024-54126 |
Description: This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router’s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device.
CVSS: HIGH (8.5) EPSS Score: 0.04%
December 6th, 2024 (6 months ago)
|
|
CVE-2024-54014 |
Description: Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead the application to access an arbitrary web site via another application installed on the user's device.
CVSS: LOW (3.6) EPSS Score: 0.05%
December 6th, 2024 (6 months ago)
|
|
CVE-2024-54001 |
Description: Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date_format,application_timezone and application_time_format allow arbirary user input which is reflected. The vulnerability can become xss if the user input is javascript code that bypass CSP. This vulnerability is fixed in 1.2.41.
CVSS: MEDIUM (5.5) EPSS Score: 0.04%
December 6th, 2024 (6 months ago)
|
|
CVE-2024-53857 |
Description: rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys.
CVSS: HIGH (7.5) EPSS Score: 0.04%
December 6th, 2024 (6 months ago)
|