Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-21150
In handle_set_parameters_ctrl of hal_socket.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local...
Description: In handle_set_parameters_ctrl of hal_socket.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-267312009References: N/A

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-21149
In registerGsmaServiceIntentReceiver of ShannonRcsService.java, there is a possible way to activate/deactivate RCS service due to a missing...
Description: In registerGsmaServiceIntentReceiver of ShannonRcsService.java, there is a possible way to activate/deactivate RCS service due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-270050709References: N/A

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-21148
In BuildSetConfig of protocolimsbuilder.cpp, there is a possible out of bounds read due to a missing null check. This could lead to local...
Description: In BuildSetConfig of protocolimsbuilder.cpp, there is a possible out of bounds read due to a missing null check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783657References: N/A

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-21147
In lwis_i2c_device_disable of lwis_device_i2c.c, there is a possible UAF due to a logic error in the code. This could lead to local escalation of...
Description: In lwis_i2c_device_disable of lwis_device_i2c.c, there is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-269661912References: N/A

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-2083
The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function...
Description: The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.

CVSS: MEDIUM (4.3)

EPSS Score: 0.08%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-20566
Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
Description: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.

CVSS: MEDIUM (5.3)

EPSS Score: 0.06%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-2005
Tenable Plugin Feed ID #202306261202 Fixes Privilege Escalation Vulnerability
Description: Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 . This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

CVSS: MEDIUM (6.3)

EPSS Score: 0.11%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-1895
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in...
Description: The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

CVSS: HIGH (8.5)

EPSS Score: 0.08%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-0142
Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8,...
Description: Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors.

CVSS: MEDIUM (6.5)

EPSS Score: 0.08%

Source: CVE
December 4th, 2024 (5 months ago)
Misconfigured WAFs Heighten DoS, Breach Risks
Description: Organizations that rely on their content delivery network provider for Web application firewall services may be inadvertently leaving themselves open to attack.
Source: Dark Reading
December 3rd, 2024 (5 months ago)