CVE-2023-23343 |
Description: A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows an attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain.
CVSS: LOW (2.4) EPSS Score: 0.06%
December 6th, 2024 (7 months ago)
|
CVE-2023-21187 |
Description: In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-246542917
CVSS: LOW (0.0) EPSS Score: 0.04%
December 6th, 2024 (7 months ago)
|
CVE-2023-21176 |
Description: In list_key_entries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-222287335
CVSS: LOW (0.0) EPSS Score: 0.04%
December 6th, 2024 (7 months ago)
|
CVE-2023-21175 |
Description: In onCreate of DataUsageSummary.java, there is a possible method for a guest user to enable or disable mobile data due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-262243574
CVSS: LOW (0.0) EPSS Score: 0.04%
December 6th, 2024 (7 months ago)
|
CVE-2023-21174 |
Description: In isPageSearchEnabled of BillingCycleSettings.java, there is a possible way for the guest user to change data limits due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-235822222
CVSS: LOW (0.0) EPSS Score: 0.04%
December 6th, 2024 (7 months ago)
|
CVE-2023-21173 |
Description: In multiple methods of DataUsageList.java, there is a possible way to learn about admin user's network activities due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-262741858
CVSS: LOW (0.0) EPSS Score: 0.04%
December 6th, 2024 (7 months ago)
|
CVE-2023-21172 |
Description: In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-262243015
CVSS: LOW (0.0) EPSS Score: 0.04%
December 6th, 2024 (7 months ago)
|
CVE-2024-6232 |
Description: There is a MEDIUM severity vulnerability affecting CPython.
Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
CVSS: LOW (0.0) EPSS Score: 0.11%
December 5th, 2024 (7 months ago)
|
CVE-2024-54675 |
Description: app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2.5.2 has stored XSS in the editor interface for an ad-hoc workflow.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (7 months ago)
|
CVE-2024-54674 |
Description: app/View/GalaxyClusters/cluster_export_misp_galaxy.ctp in MISP through 2.5.2 has stored XSS when exporting custom clusters into the misp-galaxy format.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (7 months ago)
|