Security Vulnerabilities - CVEs Published In November 2024
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
CVSS Score
5.4
EPSS Score
0.004
Published
2024-11-18
The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content.
CVSS Score
6.2
EPSS Score
0.001
Published
2024-11-18
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-11-18
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-11-18
In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block.
CVSS Score
5.3
EPSS Score
0.0
Published
2024-11-18
In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-to-peer protocol specification.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-11-18
Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains (aka a "Chain Width Expansion" attack) because a node does not first verify that a presented chain has enough work before committing to store it.
CVSS Score
7.5
EPSS Score
0.005
Published
2024-11-18
Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-11-18
In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-11-18
In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-11-18