Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-44854
Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted...
Description: Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_rslog_decode function in the acu_web file.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-44186
Junos OS and Junos OS Evolved: RPD crash when attempting to send a very long AS PATH to a non-4-byte-AS capable BGP neighbor
Description: An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition. This issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor. Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability. This issue affects: Juniper Networks Junos OS: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3. Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S8-EVO; * 21.1 versions 21.1R1-EVO and later; * 21.2 versions prior to 21.2R3-S6-EVO; * 21.3 versions prior to 21.3R3-S5-EVO; * 21.4 versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22...

CVSS: HIGH (7.5)

EPSS Score: 0.08%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-4399
Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list that allows admins to...
Description: Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn’t call specific hosts. However, the restriction can be bypassed used punycode encoding of the characters in the request address.

CVSS: MEDIUM (6.6)

EPSS Score: 0.09%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-43787
Libx11: integer overflow in xcreateimage() leading to a heap overflow
Description: A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-4257
Unchecked user input length in the Zephyr WiFi shell module
Description: Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.

CVSS: HIGH (7.6)

EPSS Score: 0.11%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-40598
Command Injection in Splunk Enterprise Using External Lookups
Description: In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance.

CVSS: HIGH (8.5)

EPSS Score: 0.09%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-40592
Reflected Cross-site Scripting (XSS) on "/app/search/table" web endpoint
Description: In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.

CVSS: HIGH (8.4)

EPSS Score: 0.08%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-40224
MISP 2.4.174 allows XSS in app/View/Events/index.ctp.
Description: MISP 2.4.174 allows XSS in app/View/Events/index.ctp.

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-40093
In multiple files, there is a possible way that trimmed content could be included in PDF output due to a logic error in the code. This could lead...
Description: In multiple files, there is a possible way that trimmed content could be included in PDF output due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-39418
Postgresql: merge fails to enforce update or select row security policies
Description: A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

EPSS Score: 0.5%

Source: CVE
December 4th, 2024 (5 months ago)