Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-34923
XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the...
Description: XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation.

CVSS: LOW (0.0)

EPSS Score: 0.1%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-34796
Cross site scripting (XSS) vulnerabiliy in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f,...
Description: Cross site scripting (XSS) vulnerabiliy in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the org_name or domain values.

CVSS: LOW (0.0)

EPSS Score: 0.2%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-34420
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.
Description: A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.

CVSS: HIGH (7.2)

EPSS Score: 0.12%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-34148
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to...
Description: An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-34147
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to...
Description: An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-34146
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to...
Description: An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-33987
Request smuggling and request concatenation in SAP Web Dispatcher
Description: An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL 7.90, KRNL64NUC 7.49, KRNL64UC 7.49, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, can submit a malicious crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages. This can result in the back-end server executing a malicious payload which can be used to read or modify information on the server or make it temporarily unavailable.

CVSS: HIGH (8.6)

EPSS Score: 0.2%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-33904
In hci_server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System...
Description: In hci_server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-33903
In FM service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed.
Description: In FM service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2023-33900
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges...
Description: In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (5 months ago)