CyberAlerts

CVE-2024-45369

Description: The web application uses a weak authentication mechanism to verify that a request is coming from an authenticated and authorized resource.

CVSS: HIGH (8.1)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-43784

Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to it's deletion

Description: lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit all of the previous user's credentials. This issue has been addressed in release version 1.33.0 and all users are advised to upgrade. The only known workaround for those who cannot upgrade is to not reuse usernames.

CVSS: MEDIUM (5.7)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-43689

Description: Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed.

CVSS: HIGH (8.8)

EPSS Score: 0.09%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-43646

Windows Secure Kernel Mode Elevation of Privilege Vulnerability

Description: Windows Secure Kernel Mode Elevation of Privilege Vulnerability

CVSS: MEDIUM (6.7)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-43645

Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability

Description: Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability

CVSS: MEDIUM (6.7)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-43644

Windows Client-Side Caching Elevation of Privilege Vulnerability

Description: Windows Client-Side Caching Elevation of Privilege Vulnerability

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-43643

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

Description: Windows USB Video Class System Driver Elevation of Privilege Vulnerability

CVSS: MEDIUM (6.8)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-43642

Windows SMB Denial of Service Vulnerability

Description: Windows SMB Denial of Service Vulnerability

CVSS: HIGH (7.5)

EPSS Score: 0.09%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-43641

Windows Registry Elevation of Privilege Vulnerability

Description: Windows Registry Elevation of Privilege Vulnerability

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (6 months ago)

CVE-2024-43640

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Description: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (6 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-45369	mySCADA myPRO Improper Authentication Description: The web application uses a weak authentication mechanism to verify that a request is coming from an authenticated and authorized resource. CVSS: HIGH (8.1) EPSS Score: 0.04% Source: CVE November 27th, 2024 (6 months ago)
CVE-2024-43784	Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to it's deletion Description: lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit all of the previous user's credentials. This issue has been addressed in release version 1.33.0 and all users are advised to upgrade. The only known workaround for those who cannot upgrade is to not reuse usernames. CVSS: MEDIUM (5.7) EPSS Score: 0.04% Source: CVE November 27th, 2024 (6 months ago)
CVE-2024-43689	Description: Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed. CVSS: HIGH (8.8) EPSS Score: 0.09% Source: CVE November 27th, 2024 (6 months ago)
CVE-2024-43646	Windows Secure Kernel Mode Elevation of Privilege Vulnerability Description: Windows Secure Kernel Mode Elevation of Privilege Vulnerability CVSS: MEDIUM (6.7) EPSS Score: 0.05% Source: CVE November 27th, 2024 (6 months ago)
CVE-2024-43645	Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability Description: Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability CVSS: MEDIUM (6.7) EPSS Score: 0.05% Source: CVE November 27th, 2024 (6 months ago)
CVE-2024-43644	Windows Client-Side Caching Elevation of Privilege Vulnerability Description: Windows Client-Side Caching Elevation of Privilege Vulnerability CVSS: HIGH (7.8) EPSS Score: 0.05% Source: CVE November 27th, 2024 (6 months ago)
CVE-2024-43643	Windows USB Video Class System Driver Elevation of Privilege Vulnerability Description: Windows USB Video Class System Driver Elevation of Privilege Vulnerability CVSS: MEDIUM (6.8) EPSS Score: 0.05% Source: CVE November 27th, 2024 (6 months ago)
CVE-2024-43642	Windows SMB Denial of Service Vulnerability Description: Windows SMB Denial of Service Vulnerability CVSS: HIGH (7.5) EPSS Score: 0.09% Source: CVE November 27th, 2024 (6 months ago)
CVE-2024-43641	Windows Registry Elevation of Privilege Vulnerability Description: Windows Registry Elevation of Privilege Vulnerability CVSS: HIGH (7.8) EPSS Score: 0.05% Source: CVE November 27th, 2024 (6 months ago)
CVE-2024-43640	Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Description: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability CVSS: HIGH (7.8) EPSS Score: 0.05% Source: CVE November 27th, 2024 (6 months ago)