Threat and Vulnerability Intelligence Database


CVE-2023-52944

Description: Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-52943

Description: Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the alerting function via unspecified vectors.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-35979

Description: There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in a Denial-of-Service (DoS) condition affecting the web-based management interface of the controller.

CVSS: MEDIUM (5.3)

EPSS Score: 0.09%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-35977

Description: Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the user's existing privilege level.

CVSS: MEDIUM (6.5)

EPSS Score: 0.06%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-35976

Description: Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the user's existing privilege level.

CVSS: MEDIUM (6.5)

EPSS Score: 0.06%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-35975

Description: An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.

CVSS: MEDIUM (6.5)

EPSS Score: 0.08%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-33842

Description: IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117.

CVSS: MEDIUM (6.2)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-3114

Description: Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the same organization that targeted an agent pool. This vulnerability, CVE-2023-3114, is fixed in Terraform Enterprise v202306-1.

CVSS: MEDIUM (5.0)

EPSS Score: 0.06%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-28065

Description: Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.

CVSS: MEDIUM (6.7)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-28026

Description: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS: MEDIUM (5.1)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (5 months ago)