CVE-2023-3725 |
Description: Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem
CVSS: HIGH (7.6) EPSS Score: 0.15%
December 4th, 2024 (4 months ago)
|
CVE-2023-36662 |
Description: The TechTime User Management components for Atlassian products allow stored XSS on the Bulk User Actions page. This affects User Management for Jira 2.0.0 through 2.17.1, User Management for Confluence 2.0.0 through 2.15.24, and User Management for Bitbucket 2.2.2 through 2.15.24.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 4th, 2024 (4 months ago)
|
CVE-2023-36464 |
Description: pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the line `while peek not in (b"\r", b"\n")` in `pypdf/generic/_data_structures.py` to `while peek not in (b"\r", b"\n", b"")`.
CVSS: MEDIUM (6.2) EPSS Score: 0.07%
December 4th, 2024 (4 months ago)
|
CVE-2023-36463 |
Description: Meldekarten generator is an open source project to create a program, running locally in the browser without the need for an internet-connection, to create, store and print registration cards for volunteers. All text fields on the webpage are vulnerable to XSS attacks. The user input isn't (fully) sanitized after submission. This issue has been addressed in commit `77e04f4af` which is included in the `1.0.0b1.1.2` release. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: MEDIUM (5.3) EPSS Score: 0.07%
December 4th, 2024 (4 months ago)
|
CVE-2023-36301 |
Description: Talend Data Catalog before 8.0-20230221 contains a directory traversal vulnerability in HeaderImageServlet.
CVSS: LOW (0.0) EPSS Score: 0.15%
December 4th, 2024 (4 months ago)
|
CVE-2023-36252 |
Description: An issue in Ateme Flamingo XL v.3.6.20 and XS v.3.6.5 allows a remote authenticated attacker to execute arbitrary code and cause a denial of service via the session expiration function.
CVSS: LOW (0.0) EPSS Score: 0.21%
December 4th, 2024 (4 months ago)
|
CVE-2023-35933 |
Description: OpenFGA is an open source authorization/permission engine built for developers. OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when `Check` and `ListObjects` calls are executed against authorization models that contain circular relationship definitions. Users are affected by this vulnerability if they are using OpenFGA v1.1.0 or earlier and are executing `Check` or `ListObjects` calls against a vulnerable authorization model. Users are advised to upgrade to version 1.1.1. There are no known workarounds for this vulnerability. Users that do not have circular relationships in their models are not affected.
CVSS: MEDIUM (5.9) EPSS Score: 0.16%
December 4th, 2024 (4 months ago)
|
CVE-2023-34924 |
Description: H3C Magic B1STW B1STV100R012 was discovered to contain a stack overflow via the function SetAPInfoById. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 4th, 2024 (4 months ago)
|
CVE-2023-34475 |
Description: A heap use-after-free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick a user into opening a specially crafted file to convert, triggering a heap-use-after-free write error that causes the application to crash, resulting in a denial of service.
CVSS: LOW (0.0) EPSS Score: 0.08%
December 4th, 2024 (4 months ago)
|
CVE-2023-34418 |
Description: A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API.
CVSS: HIGH (8.1) EPSS Score: 0.08%
December 4th, 2024 (4 months ago)
|