CVE-2023-3326 |
Description: pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (TGT) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the TGT provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid TGT, allowing authentication to occur for any user on the system.
CVSS: LOW (0.0) EPSS Score: 0.26%
December 6th, 2024 (5 months ago)
|
CVE-2023-32613 |
Description: Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in.
CVSS: LOW (0.0) EPSS Score: 0.07%
December 6th, 2024 (5 months ago)
|
CVE-2023-32608 |
Description: Directory traversal vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server.
CVSS: LOW (0.0) EPSS Score: 0.1%
December 6th, 2024 (5 months ago)
|
CVE-2023-32607 |
Description: Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.
CVSS: LOW (0.0) EPSS Score: 0.07%
December 6th, 2024 (5 months ago)
|
CVE-2023-32605 |
Description: Affected versions of Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues.
Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.
This is similar to, but not identical to CVE-2023-32604.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 6th, 2024 (5 months ago)
|
CVE-2023-32525 |
Description: Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This is similar to, but not identical to CVE-2023-32526.
CVSS: LOW (0.0) EPSS Score: 0.17%
December 6th, 2024 (5 months ago)
|
CVE-2023-32524 |
Description: Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities.
This is similar to, but not identical to CVE-2023-32523.
CVSS: LOW (0.0) EPSS Score: 0.99%
December 6th, 2024 (5 months ago)
|
CVE-2023-32521 |
Description: A path traversal exists in a specific service DLL of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files.
CVSS: LOW (0.0) EPSS Score: 0.25%
December 6th, 2024 (5 months ago)
|
CVE-2023-32415 |
Description: This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.
CVSS: LOW (0.0) EPSS Score: 0.07%
December 6th, 2024 (5 months ago)
|
CVE-2023-32414 |
Description: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4. An app may be able to break out of its sandbox.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 6th, 2024 (5 months ago)
|