Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-35799 |
Description: Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-35690 |
Description: In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS: LOW (0.0) EPSS Score: 0.12%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-34839 |
Description: A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application.
CVSS: LOW (0.0) EPSS Score: 0.17%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-34838 |
Description: A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-34837 |
Description: A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-34203 |
Description: In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and 12.3.x through 12.6.x before 12.7.
CVSS: LOW (0.0) EPSS Score: 0.18%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-34188 |
Description: The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests.
CVSS: LOW (0.0) EPSS Score: 0.16%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-32869 |
Description: In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363632; Issue ID: ALPS07363689.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-32861 |
Description: In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08059081; Issue ID: ALPS08059081.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-32850 |
Description: In decoder, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08016659; Issue ID: ALPS08016659.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 3rd, 2024 (5 months ago)
|