Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-35176 |
Description: Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device.
CVSS: LOW (0.0) EPSS Score: 0.57%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-35175 |
Description: Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model.
CVSS: LOW (0.0) EPSS Score: 0.43%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-34927 |
Description: Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.
CVSS: LOW (0.0) EPSS Score: 3.19%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-34923 |
Description: XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation.
CVSS: LOW (0.0) EPSS Score: 0.1%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-34796 |
Description: Cross site scripting (XSS) vulnerabiliy in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the org_name or domain values.
CVSS: LOW (0.0) EPSS Score: 0.2%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-34148 |
Description: An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-34147 |
Description: An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-34146 |
Description: An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-33904 |
Description: In hci_server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-33903 |
Description: In FM service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|