Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-41166	Description: An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands. CVSS: LOW (0.0) EPSS Score: 0.06% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-41118	Description: An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. When a superuser has configured file locations using CREATE DIRECTORY, these functions allow users to take a wide range of actions, including read, write, copy, rename, and delete. CVSS: LOW (0.0) EPSS Score: 0.09% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-38857	Description: Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c. CVSS: LOW (0.0) EPSS Score: 0.11% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-38710	Description: An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20. CVSS: LOW (0.0) EPSS Score: 0.07% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-38324	Description: An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3. CVSS: LOW (0.0) EPSS Score: 0.12% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-37305	Description: An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces. CVSS: LOW (0.0) EPSS Score: 0.08% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-37304	Description: An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature. CVSS: LOW (0.0) EPSS Score: 0.05% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-37302	Description: An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute). CVSS: LOW (0.0) EPSS Score: 0.08% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-37256	Description: An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs. CVSS: LOW (0.0) EPSS Score: 0.08% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-37255	Description: An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header. CVSS: LOW (0.0) EPSS Score: 0.08% Source: CVE November 27th, 2024 (5 months ago)