Threat and Vulnerability Intelligence Database

CVE-2023-35856

Description: A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet.

CVSS: LOW (0.0)

EPSS Score: 0.43%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-35855

Description: A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable.

CVSS: LOW (0.0)

EPSS Score: 0.23%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-35853

Description: In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.

CVSS: LOW (0.0)

EPSS Score: 0.22%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-35852

Description: In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.

CVSS: LOW (0.0)

EPSS Score: 0.11%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-35849

Description: VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet.

CVSS: LOW (0.0)

EPSS Score: 0.12%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-35848

Description: VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member.

CVSS: LOW (0.0)

EPSS Score: 0.09%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-35847

Description: VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero).

CVSS: LOW (0.0)

EPSS Score: 0.09%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-35846

Description: VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering.

CVSS: LOW (0.0)

EPSS Score: 0.09%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-35844

Description: packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.

CVSS: LOW (0.0)

EPSS Score: 23.0%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-35843

Description: NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.

CVSS: LOW (0.0)

EPSS Score: 37.65%

Source: CVE
December 12th, 2024 (4 months ago)