Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-36564
Windows Search Security Feature Bypass Vulnerability
Description: Windows Search Security Feature Bypass Vulnerability

CVSS: MEDIUM (6.5)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2023-36563
Microsoft WordPad Information Disclosure Vulnerability
Description: Microsoft WordPad Information Disclosure Vulnerability

CVSS: MEDIUM (6.5)

EPSS Score: 0.33%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2023-36559
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVSS: MEDIUM (4.2)

EPSS Score: 1.99%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2023-36433
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
Description: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

CVSS: MEDIUM (6.5)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2023-36429
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
Description: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

CVSS: MEDIUM (6.5)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2023-36416
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Description: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2023-36409
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Description: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVSS: MEDIUM (6.5)

EPSS Score: 0.09%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2023-34241
CUPS vulnerable to use-after-free in cupsdAcceptClient()
Description: OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`. Version 2.4.6 has a patch for this issue.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2023-32717
Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results
Description: On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job.

CVSS: MEDIUM (4.3)

EPSS Score: 0.07%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2023-32716
Denial of Service via the 'dump' SPL command
Description: In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon.

CVSS: MEDIUM (6.5)

EPSS Score: 0.09%

Source: CVE
December 11th, 2024 (4 months ago)