Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-44186 |
Description:
An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition.
This issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor.
Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.
This issue affects:
Juniper Networks Junos OS:
* All versions prior to 20.4R3-S8;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S5;
* 22.1 versions prior to 22.1R3-S4;
* 22.2 versions prior to 22.2R3-S2;
* 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;
* 22.4 versions prior to 22.4R2-S1, 22.4R3.
Juniper Networks Junos OS Evolved
* All versions prior to 20.4R3-S8-EVO;
* 21.1 versions 21.1R1-EVO and later;
* 21.2 versions prior to 21.2R3-S6-EVO;
* 21.3 versions prior to 21.3R3-S5-EVO;
* 21.4 versions prior to 21.4R3-S5-EVO;
* 22.1 versions prior to 22...
CVSS: HIGH (7.5) EPSS Score: 0.08%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-4257 |
Description: Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.
CVSS: HIGH (7.6) EPSS Score: 0.11%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-40598 |
Description: In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance.
CVSS: HIGH (8.5) EPSS Score: 0.09%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-40592 |
Description: In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.
CVSS: HIGH (8.4) EPSS Score: 0.08%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-3725 |
Description: Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem
CVSS: HIGH (7.6) EPSS Score: 0.15%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-34418 |
Description: A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API.
CVSS: HIGH (8.1) EPSS Score: 0.08%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-3325 |
Description: The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the '_cmsc_public_key' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. This can only be exploited if the plugin has not been configured yet, however, if combined with another arbitrary plugin installation and activation vulnerability, the impact can be severe.
CVSS: HIGH (8.1) EPSS Score: 0.24%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-3113 |
Description: An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files.
CVSS: HIGH (8.2) EPSS Score: 0.12%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-25837 |
Description: There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser. The privileges required to execute this attack are high.
The impact to Confidentiality, Integrity and Availability are High.
CVSS: HIGH (8.4) EPSS Score: 0.06%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-25835 |
Description: There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High.
CVSS: HIGH (8.4) EPSS Score: 0.06%
December 4th, 2024 (5 months ago)
|