CVE-2023-27083
Description: An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality.
CVSS: LOW (0.0) EPSS Score: 0.19%
December 7th, 2024

CVE-2023-25435
Description: libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 7th, 2024

CVE-2023-24261
Description: A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request.
CVSS: LOW (0.0) EPSS Score: 0.12%
December 7th, 2024

CVE-2023-2281
Description: When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team.
CVSS: LOW (3.1) EPSS Score: 0.05%
December 7th, 2024

CVE-2023-1562
Description: Mattermost fails to check the "Show Full Name" setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing an attacker to learn the full name of a board owner.
CVSS: LOW (3.5) EPSS Score: 0.05%
December 7th, 2024

CVE-2023-1421
Description: A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter.
CVSS: LOW (3.5) EPSS Score: 0.07%
December 7th, 2024

CVE-2023-0969
Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory.
CVSS: LOW (3.5) EPSS Score: 0.04%
December 7th, 2024

CVE-2024-6219
Description: Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.
CVSS: LOW (3.8) EPSS Score: 0.04%
December 6th, 2024

CVE-2024-6156
Description: Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.
CVSS: LOW (3.8) EPSS Score: 0.04%
December 6th, 2024

CVE-2024-54140
Description: sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides an invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify(). Currently checkpoints are only used to ensure the root hash of an inclusion proof was provided by the log in question. Failing to validate that means a bundle may provide an inclusion proof that doesn't actually correspond to the log in question. This may eventually lead to a monitor/witness being unable to detect when compromised logs are providing different views of themselves to different clients. There are other mechanisms right now that mitigate this, such as the signed entry timestamp. Sigstore-java currently requires a valid signed entry timestamp. By correctly verifying the signed entry timestamp we can make certain assertions about the log signing the log entry (like the log was aware of the artifact signing event and signed it). Therefore the impact on clients that are not monitors/witnesses is very low. This vulnerability is fixed in 1.2.0.
CVSS: LOW (2.1) EPSS Score: 0.05%
December 6th, 2024