CyberAlerts

CVE-2023-21631

Description: Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.

CVSS: HIGH (7.5)

EPSS Score: 0.17%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2023-20895

The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with...

Description: The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.

CVSS: HIGH (8.1)

EPSS Score: 0.2%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2023-20894

The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with...

Description: The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.

CVSS: HIGH (8.1)

EPSS Score: 0.24%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2023-20893

The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network...

Description: The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.

CVSS: HIGH (8.1)

EPSS Score: 0.34%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2023-20892

VMware vCenter Server heap-overflow vulnerability

Description: The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server.

CVSS: HIGH (8.1)

EPSS Score: 0.24%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2023-1150

WAGO: Series 750-3x/-8x prone to MODBUS server DoS

Description: Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE

December 6th, 2024 (5 months ago)

CVE-2024-9766

Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability

Description: Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within WTabletServicePro process. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-24304.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE

December 5th, 2024 (5 months ago)

CVE-2024-9731

Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability

Description: Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24145.

CVSS: HIGH (7.8)

EPSS Score: 0.07%

Source: CVE

December 5th, 2024 (5 months ago)

CVE-2024-9730

Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability

Description: Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24146.

CVSS: HIGH (7.8)

EPSS Score: 0.07%

Source: CVE

December 5th, 2024 (5 months ago)

CVE-2024-9729

Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability

Description: Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24144.

CVSS: HIGH (7.8)

EPSS Score: 0.06%

Source: CVE

December 5th, 2024 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-21631	Improper Input Validation in Modem Description: Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. CVSS: HIGH (7.5) EPSS Score: 0.17% Source: CVE December 6th, 2024 (5 months ago)
CVE-2023-20895	The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with... Description: The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. CVSS: HIGH (8.1) EPSS Score: 0.2% Source: CVE December 6th, 2024 (5 months ago)
CVE-2023-20894	The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with... Description: The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption. CVSS: HIGH (8.1) EPSS Score: 0.24% Source: CVE December 6th, 2024 (5 months ago)
CVE-2023-20893	The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network... Description: The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server. CVSS: HIGH (8.1) EPSS Score: 0.34% Source: CVE December 6th, 2024 (5 months ago)
CVE-2023-20892	VMware vCenter Server heap-overflow vulnerability Description: The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server. CVSS: HIGH (8.1) EPSS Score: 0.24% Source: CVE December 6th, 2024 (5 months ago)
CVE-2023-1150	WAGO: Series 750-3x/-8x prone to MODBUS server DoS Description: Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets. CVSS: HIGH (7.5) EPSS Score: 0.05% Source: CVE December 6th, 2024 (5 months ago)
CVE-2024-9766	Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability Description: Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within WTabletServicePro process. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-24304. CVSS: HIGH (7.8) EPSS Score: 0.05% Source: CVE December 5th, 2024 (5 months ago)
CVE-2024-9731	Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability Description: Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24145. CVSS: HIGH (7.8) EPSS Score: 0.07% Source: CVE December 5th, 2024 (5 months ago)
CVE-2024-9730	Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability Description: Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24146. CVSS: HIGH (7.8) EPSS Score: 0.07% Source: CVE December 5th, 2024 (5 months ago)
CVE-2024-9729	Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability Description: Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24144. CVSS: HIGH (7.8) EPSS Score: 0.06% Source: CVE December 5th, 2024 (5 months ago)