Threat and Vulnerability Intelligence Database

CVE-2023-31241

Description: Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.

CVSS: HIGH (8.6)

EPSS Score: 0.24%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2023-31240

Description: Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials.

CVSS: HIGH (8.3)

EPSS Score: 0.26%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2023-28956

Description: IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls.

CVSS: HIGH (8.4)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2023-28649

Description: The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user.

CVSS: HIGH (8.6)

EPSS Score: 0.07%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2023-28386

Description: Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of a complete PKI firmware signature system could allow attackers to upload arbitrary firmware updates, resulting in code execution.

CVSS: HIGH (8.6)

EPSS Score: 0.39%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2023-25714

Description: Missing Authorization vulnerability in Fullworks Quick Paypal Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quick Paypal Payments: from n/a through 5.7.25.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2023-2533

Description: A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes.

CVSS: HIGH (8.4)

EPSS Score: 0.23%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2023-22701

Description: Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ebook Store: from n/a through 5.775.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2023-1862

Description: Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtain network diagnostics and application configuration from the target's device. It is important to note that in order to exploit this, a set of requirements would need to be met, such as the target's device being reachable on port 445, allowing authentication with NULL sessions, or the attacker otherwise having knowledge of the target's credentials.

CVSS: HIGH (7.3)

EPSS Score: 0.07%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-43593

Description: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
December 9th, 2024 (4 months ago)