CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: FUJI ELECTRIC V-SFT, TELLUS, TELLUS Lite, V-Server, and V-Server Lite contain multiple vulnerabilities.
November 28th, 2024 (7 months ago)
|
CVE-2024-9683 |
Description: A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement. While the risk is relatively low due to the typical length of the passwords used (73 characters), this vulnerability can still be exploited to reduce the complexity of brute-force or password-guessing attacks. The truncation of passwords weakens the overall authentication process, thereby reducing the effectiveness of password policies and potentially increasing the risk of unauthorized access in the future.
EPSS Score: 0.05%
November 28th, 2024 (7 months ago)
|
|
CVE-2024-9666 |
Description: A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without proper validation. This issue can lead to costly DNS resolution operations, which an attacker could exploit to tie up IO threads and potentially cause a denial of service.
The attacker must have access to send requests to a Keycloak instance that is configured to accept proxy headers, specifically when reverse proxies do not overwrite incoming headers, and Keycloak is configured to trust these headers.
EPSS Score: 0.04%
November 28th, 2024 (7 months ago)
|
|
CVE-2024-9420 |
|
|
CVE-2024-9413 |
Description: The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware.
EPSS Score: 0.04%
November 28th, 2024 (7 months ago)
|
|
CVE-2024-9369 |
Description: Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.06%
November 28th, 2024 (7 months ago)
|
|
CVE-2024-8932 |
Description: In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
November 28th, 2024 (7 months ago)
|
|
CVE-2024-7025 |
|
|
CVE-2024-5921 |
Description: An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint.
GlobalProtect App for Android is under evaluation. Please subscribe to our RSS feed https://security.paloaltonetworks.com/rss.xml to be alerted to new updates to this and other advisories.
CVSS: MEDIUM (6.0) EPSS Score: 0.05%
November 28th, 2024 (7 months ago)
|
|
CVE-2024-54004 |
Description: Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system.
EPSS Score: 0.04%
November 28th, 2024 (7 months ago)
|