Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-32320 |
Description: Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests succeeded the limit by the time the response was sent to the client. This allowed someone to send as many requests the server could handle in parallel to bruteforce protected details instead of the configured limit, default 8. Nextcloud Server versions 25.0.7 and 26.0.2 and Nextcloud Enterprise Server versions 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7 and 26.0.2 contain patches for this issue.
CVSS: HIGH (8.7) EPSS Score: 0.15%
December 6th, 2024 (4 months ago)
|
|
CVE-2023-28799 |
Description: A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain.
CVSS: HIGH (8.2) EPSS Score: 0.18%
December 6th, 2024 (4 months ago)
|
|
CVE-2023-28006 |
Description: The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure.
CVSS: HIGH (7.0) EPSS Score: 0.04%
December 6th, 2024 (4 months ago)
|
|
CVE-2023-21631 |
Description: Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.
CVSS: HIGH (7.5) EPSS Score: 0.17%
December 6th, 2024 (4 months ago)
|
|
CVE-2023-20895 |
Description: The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.
CVSS: HIGH (8.1) EPSS Score: 0.2%
December 6th, 2024 (4 months ago)
|
|
CVE-2023-20894 |
Description: The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.
CVSS: HIGH (8.1) EPSS Score: 0.24%
December 6th, 2024 (4 months ago)
|
|
CVE-2023-20893 |
Description: The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.
CVSS: HIGH (8.1) EPSS Score: 0.34%
December 6th, 2024 (4 months ago)
|
|
CVE-2023-20892 |
Description: The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server.
CVSS: HIGH (8.1) EPSS Score: 0.24%
December 6th, 2024 (4 months ago)
|
|
CVE-2023-1150 |
Description: Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets.
CVSS: HIGH (7.5) EPSS Score: 0.05%
December 6th, 2024 (4 months ago)
|
|
CVE-2024-9766 |
Description: Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within WTabletServicePro process. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-24304.
CVSS: HIGH (7.8) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|