Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-29146 |
Description: User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-28955 |
Description: Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-28038 |
Description: The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: CRITICAL (9.0) EPSS Score: 0.04%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-27186 |
Description: The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions.
CVSS: LOW (0.0) EPSS Score: 0.04%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-27184 |
Description: Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not..
CVSS: LOW (0.0) EPSS Score: 0.06%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-26337 |
|
|
CVE-2024-26258 |
Description: OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product.
CVSS: MEDIUM (6.8) EPSS Score: 0.04%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-25579 |
Description: OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".
CVSS: MEDIUM (6.8) EPSS Score: 0.04%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-24449 |
Description: An uninitialized pointer dereference in the NasPdu::NasPdu component of OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialUEMessage message sent to the AMF.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-23910 |
Description: Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B".
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
November 27th, 2024 (6 months ago)
|