Threat and Vulnerability Intelligence Database

CVE-2023-43787

Description: A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-4257

Description: Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.

CVSS: HIGH (7.6)

EPSS Score: 0.11%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-40598

Description: In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform instance.

CVSS: HIGH (8.5)

EPSS Score: 0.09%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-40592

Description: In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.

CVSS: HIGH (8.4)

EPSS Score: 0.08%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-40224

Description: MISP 2.4.174 allows XSS in app/View/Events/index.ctp.

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-40093

Description: In multiple files, there is a possible way that trimmed content could be included in PDF output due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-39418

Description: A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

EPSS Score: 0.5%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-3750

Description: A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon.

EPSS Score: 0.07%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-3725

Description: Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem.

CVSS: HIGH (7.6)

EPSS Score: 0.15%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-36662

Description: The TechTime User Management components for Atlassian products allow stored XSS on the Bulk User Actions page. This affects User Management for Jira 2.0.0 through 2.17.1, User Management for Confluence 2.0.0 through 2.15.24, and User Management for Bitbucket 2.2.2 through 2.15.24.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 4th, 2024 (5 months ago)