Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-34626 |
Description: Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function.
EPSS Score: 0.06%
December 19th, 2024 (5 months ago)
|
|
CVE-2023-24032 |
Description: In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).
EPSS Score: 0.04%
December 19th, 2024 (5 months ago)
|
|
CVE-2023-24031 |
Description: An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. XSS can occur, via one of attributes of the webmail /h/ endpoint, to execute arbitrary JavaScript code, leading to information disclosure.
EPSS Score: 0.08%
December 19th, 2024 (5 months ago)
|
|
CVE-2023-24030 |
Description: An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL if url sanitisation is bypassed in incoming requests. NOTE: this is similar, but not identical, to CVE-2021-34807.
EPSS Score: 0.05%
December 19th, 2024 (5 months ago)
|
|
CVE-2023-21144 |
Description: In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252766417
EPSS Score: 0.1%
December 19th, 2024 (5 months ago)
|
|
CVE-2023-21143 |
Description: In multiple functions of multiple files, there is a possible way to make the device unusable due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-268193777
EPSS Score: 0.04%
December 19th, 2024 (5 months ago)
|
|
CVE-2023-21142 |
Description: In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-262243665
EPSS Score: 0.04%
December 19th, 2024 (5 months ago)
|
|
CVE-2023-21137 |
Description: In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-246541702
EPSS Score: 0.05%
December 19th, 2024 (5 months ago)
|
|
CVE-2023-21136 |
Description: In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-246542285
EPSS Score: 0.04%
December 19th, 2024 (5 months ago)
|
|
CVE-2023-21135 |
Description: In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260570119
EPSS Score: 0.04%
December 19th, 2024 (5 months ago)
|