CVE-2023-3758 |
Description: A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2023-36371 |
Description: An issue in the GDKfree component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 7th, 2024 (5 months ago)
|
CVE-2023-36370 |
Description: An issue in the gc_col component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 7th, 2024 (5 months ago)
|
CVE-2023-36369 |
Description: An issue in the list_append component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 7th, 2024 (5 months ago)
|
CVE-2023-35174 |
Description: Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and triggers arbitrary code execution on the victim's machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from the browser. This vulnerability has been fixed in versions 0.8.2 and 0.9.3.
CVSS: HIGH (8.6) EPSS Score: 0.45%
December 7th, 2024 (5 months ago)
|
CVE-2023-35166 |
Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5.
CVSS: CRITICAL (10.0) EPSS Score: 0.3%
December 7th, 2024 (5 months ago)
|
CVE-2023-34968 |
Description: A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path.
EPSS Score: 0.33%
December 7th, 2024 (5 months ago)
|
CVE-2023-34939 |
Description: Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx.
CVSS: LOW (0.0) EPSS Score: 1.53%
December 7th, 2024 (5 months ago)
|
CVE-2023-34553 |
Description: An issue discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via a code replay attack.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 7th, 2024 (5 months ago)
|
CVE-2023-34110 |
Description: Flask-AppBuilder is an application development framework built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges could, by adding a special character on the add and edit User forms, trigger a database error that is surfaced back to this actor in the UI. On certain database engines this error can include the entire user row, including the pbkdf2:sha256 hashed password. This vulnerability has been fixed in version 4.3.2.
CVSS: LOW (2.7) EPSS Score: 0.08%
December 7th, 2024 (5 months ago)
|