Threat and Vulnerability Intelligence Database

CVE-2023-35973

Description: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

CVSS: HIGH (7.2)

EPSS Score: 0.09%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-35972

Description: An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.

CVSS: HIGH (7.2)

EPSS Score: 0.08%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-34420

Description: A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.

CVSS: HIGH (7.2)

EPSS Score: 0.12%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-33987

Description: An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL 7.90, KRNL64NUC 7.49, KRNL64UC 7.49, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, can submit a maliciously crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages. This can result in the back-end server executing a malicious payload which can be used to read or modify information on the server or make it temporarily unavailable.

CVSS: HIGH (8.6)

EPSS Score: 0.2%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-32449

Description: Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high-privileged user into installing a malicious binary by bypassing the existing cryptographic signature checks.

CVSS: HIGH (7.2)

EPSS Score: 0.06%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-28073

Description: Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.

CVSS: HIGH (8.2)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-25517

Description: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-21517

Description: Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code.

CVSS: HIGH (8.8)

EPSS Score: 0.28%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-0425

Description: ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Numeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F (Controller modules), ABB Freelance controllers AC 900F (controller modules). This issue affects: Freelance controllers AC 700F: from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; Freelance controllers AC 900F: Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.

CVSS: HIGH (8.6)

EPSS Score: 0.09%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2024-9200

Description: A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)