Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-35977 |
Description: Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.
CVSS: MEDIUM (6.5) EPSS Score: 0.06%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-35976 |
Description: Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.
CVSS: MEDIUM (6.5) EPSS Score: 0.06%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-35975 |
Description: An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.
CVSS: MEDIUM (6.5) EPSS Score: 0.08%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-33842 |
Description: IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117.
CVSS: MEDIUM (6.2) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-3114 |
Description: Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the same organization that targeted an agent pool. This vulnerability, CVE-2023-3114, is fixed in Terraform Enterprise v202306-1.
CVSS: MEDIUM (5.0) EPSS Score: 0.06%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-28065 |
Description:
Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.
CVSS: MEDIUM (6.7) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-28026 |
Description:
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
CVSS: MEDIUM (5.1) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-9978 |
Description: in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read.
CVSS: MEDIUM (5.5) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-9694 |
Description: The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-9287 |
Description: A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|