CVE-2024-10490
Description: An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions.
B&R mapp Services is affected only when mpUserX or mpCodeBox are used in the Automation Studio project.
CVSS: HIGH (8.4) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
CVE-2024-0967 |
Description: A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Enterprise Security Manager (ESM). The vulnerability could be remotely exploited.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
CVE-2023-6793 |
Description: An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.
CVSS: LOW (2.7) EPSS Score: 0.07%
December 3rd, 2024 (5 months ago)
CVE-2023-6459 |
Description: Mattermost groups calls in the /metrics endpoint by ID and reports that ID in the response. Because the ID is the channel ID, the public /metrics endpoint reveals channel IDs.
CVSS: MEDIUM (5.3) EPSS Score: 0.06%
December 3rd, 2024 (5 months ago)
CVE-2023-6245 |
Description: The Candid library causes a denial of service while parsing a specially crafted payload containing the `empty` data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }`, the Rust candid decoder treats `empty` as an extra field that the type does not require and tries to skip it. The problem is that the candid Rust library wrongly categorizes `empty` as a recoverable error when skipping the field, which causes an infinite decoding loop.
Canisters using affected versions of candid are exposed to denial of service: decoding runs indefinitely until the canister traps on reaching the maximum instruction limit per execution round. Repeated exposure to the payload degrades the canister's performance. Note: canisters written in Motoko are unaffected.
CVSS: HIGH (7.5) EPSS Score: 0.08%
December 3rd, 2024 (5 months ago)
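The loop described above, as an added toy model written for this page (it is not the candid crate's code): a record decoder whose skip logic retries on errors it classifies as recoverable without advancing the cursor, plus an instruction budget standing in for the canister's per-round limit. The payload shapes, type names and the `empty_is_recoverable` switch are constructed for the illustration; the only thing the two runs differ in is how the failure to skip an `empty` value is classified.

```python
# Added toy model of the CVE-2023-6245 skip loop. Not the candid crate's code:
# a minimal record decoder whose skip logic retries on "recoverable" errors
# without advancing, plus an instruction budget standing in for the canister limit.
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


class DecodeError(Exception):
    """Unrecoverable decode failure: the decoder gives up and the call is rejected."""


class RecoverableError(Exception):
    """Error class the skip loop is allowed to retry (the wrong class for `empty`)."""


class Trap(Exception):
    """Models the canister trapping when the per-round instruction limit is hit."""


@dataclass
class Budget:
    limit: int
    used: int = 0

    def charge(self, n: int = 1) -> None:
        self.used += n
        if self.used > self.limit:
            raise Trap(f"instruction limit {self.limit} exceeded")


def skip_value(typ: str, budget: Budget, empty_is_recoverable: bool) -> None:
    """Skip one value of type `typ`. `empty` has no inhabitants, so a value of that
    type can never be consumed; the only question is how that failure is classified."""
    budget.charge()
    if typ == "empty":
        if empty_is_recoverable:          # vulnerable classification
            raise RecoverableError("empty")
        raise DecodeError("cannot skip a value of type empty")  # fixed classification
    # every other type is consumed in one step in this model


def skip_field(typ: str, budget: Budget, empty_is_recoverable: bool) -> None:
    """Retry loop: a recoverable error re-enters skip_value without moving the
    cursor, so a value that can never be skipped keeps the loop spinning."""
    while True:
        try:
            skip_value(typ, budget, empty_is_recoverable)
            return
        except RecoverableError:
            continue


def decode_record(payload: List[Tuple[str, str, object]], expected: Set[str],
                  budget: Budget, empty_is_recoverable: bool) -> Dict[str, object]:
    """Decode the fields the interface expects; skip extra ones (record subtyping)."""
    out: Dict[str, object] = {}
    for name, typ, value in payload:
        if name in expected:
            budget.charge()
            out[name] = value
        else:
            skip_field(typ, budget, empty_is_recoverable)
    return out


def run(payload, expected, empty_is_recoverable: bool, limit: int = 10_000):
    """Returns (outcome, detail, instructions_used)."""
    budget = Budget(limit)
    try:
        return ("ok", decode_record(payload, expected, budget, empty_is_recoverable), budget.used)
    except Trap as e:
        return ("trap", str(e), budget.used)
    except DecodeError as e:
        return ("reject", str(e), budget.used)


# Constructed payloads: (field name, candid type, value)
BENIGN = [("n", "nat", 42)]                          # record { n }
CRAFTED = [("n", "nat", 42), ("x", "empty", None)]   # record { n ; empty }
EXPECTED = {"n"}                                     # interface expects record { n }

if __name__ == "__main__":
    print(run(BENIGN, EXPECTED, True))      # ('ok', {'n': 42}, 1)
    print(run(CRAFTED, EXPECTED, True))     # ('trap', 'instruction limit 10000 exceeded', 10001)
    print(run(CRAFTED, EXPECTED, False))    # ('reject', 'cannot skip a value of type empty', 2)
```

The vulnerable run burns the whole budget on the same field and ends in a trap, which is the per-round instruction limit the advisory describes; the fixed classification rejects the payload after two steps. The general lesson is the one the advisory implies: a skip-and-retry path must only retry errors that can actually change on the next attempt.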
CVE-2023-6185 |
Description: Improper input validation vulnerability in the GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.
In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer, enabling an attacker to run arbitrary GStreamer plugins depending on which plugins are installed on the target system.
CVSS: HIGH (8.3) EPSS Score: 0.27%
December 3rd, 2024 (5 months ago)
CVE-2023-6118 |
Description: Path Traversal: '/../filedir' vulnerability in Neutron IP Camera allows Absolute Path Traversal. This issue affects IP Camera: before b1130.1.0.1.
CVSS: HIGH (7.5) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
CVE-2023-6061 |
Description: Multiple components of the Iconics SCADA Suite are prone to a phantom DLL loading vulnerability. The issue arises because the applications search for and load dynamic link libraries improperly, potentially allowing an attacker to execute malicious code by placing a DLL with a matching name in an accessible search path. The affected components are:
* MMXFax.exe
* winfax.dll
* MelSim2ComProc.exe
* Sim2ComProc.dll
* MMXCall_in.exe
* libdxxmt.dll
* libsrlmt.dll
CVSS: MEDIUM (6.6) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
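As an added check (not part of the advisory or of Iconics' software), the Python below models the default Windows DLL search order and, for each DLL name the advisory lists, reports where the loader would find it and which user-writable directories are searched before that point, i.e. where a same-named DLL could be planted. The directory layout and the set of writable directories are constructed for the demo; on a real host the writable set must come from an ACL check (for example icacls), which this model does not perform, and KnownDLLs, side-by-side manifests, SetDllDirectory/AddDllDirectory and fully qualified LoadLibrary paths are not modelled.

```python
# Added phantom-DLL exposure check. Models the default SafeDllSearchMode order;
# the temp layout and the "writable" set are constructed, not a real Iconics install.
import os
import tempfile
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


def windows_search_order(app_dir: str, cwd: str, path_dirs: List[str],
                         system32: str = r"C:\Windows\System32",
                         system: str = r"C:\Windows\System",
                         windir: str = r"C:\Windows") -> List[str]:
    """Default order with SafeDllSearchMode on: the current directory is searched
    only after the Windows directories, and PATH comes last."""
    return [app_dir, system32, system, windir, cwd, *path_dirs]


@dataclass
class Finding:
    dll: str
    resolved_in: Optional[str] = None                    # None: phantom, no copy found anywhere
    plantable_in: List[str] = field(default_factory=list)  # writable dirs searched before the first hit


def assess(dll: str, search_order: List[str], is_writable: Callable[[str], bool]) -> Finding:
    """Walk the search order in sequence, recording every directory a low-privileged
    user could write to before the loader finds a copy of `dll` (if it ever does)."""
    finding = Finding(dll)
    for d in search_order:
        if os.path.isfile(os.path.join(d, dll)):
            finding.resolved_in = d
            return finding
        if is_writable(d):
            finding.plantable_in.append(d)
    return finding


# DLL names from the advisory's component list.
ICONICS_DLLS = ["winfax.dll", "Sim2ComProc.dll", "libdxxmt.dll", "libsrlmt.dll"]


def demo() -> Dict[str, Finding]:
    """Constructed layout: only Sim2ComProc.dll ships next to the executable; the
    current directory and one PATH entry are assumed writable by standard users."""
    root = tempfile.mkdtemp()
    app_dir = os.path.join(root, "app")
    sys32 = os.path.join(root, "Windows", "System32")
    system = os.path.join(root, "Windows", "System")
    windir = os.path.join(root, "Windows")
    cwd = os.path.join(root, "cwd")
    tools = os.path.join(root, "tools")          # stands in for a PATH entry like C:\Tools
    for d in (app_dir, sys32, system, cwd, tools):
        os.makedirs(d, exist_ok=True)
    open(os.path.join(app_dir, "Sim2ComProc.dll"), "wb").close()
    writable = {cwd, tools}                      # constructed assumption, not an ACL check
    order = windows_search_order(app_dir, cwd, [tools], sys32, system, windir)
    return {name: assess(name, order, lambda d: d in writable) for name in ICONICS_DLLS}


if __name__ == "__main__":
    for name, f in demo().items():
        status = f"found in {f.resolved_in}" if f.resolved_in else "PHANTOM (never found)"
        print(f"{name}: {status}; plantable in: {f.plantable_in or 'nothing'}")
```

A phantom DLL (never found) is the worst case: any writable directory anywhere in the order wins. A DLL that is found only late in the order is still hijackable if a writable directory precedes it. The remediation the advisory points at is to load these libraries by full path or to restrict the search order so that no user-writable directory is consulted first.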
CVE-2023-6033 |
Description: Improper neutralization of input in the Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.4.3, 16.5 prior to 16.5.3, and 16.6 prior to 16.6.1, allows an attacker to execute JavaScript in the victim's browser.
CVSS: HIGH (8.7) EPSS Score: 0.05%
December 3rd, 2024 (5 months ago)
CVE-2023-5986 |
Description: A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an open redirect leading to a cross-site scripting attack. By providing URL-encoded input, attackers can cause the software's web application to redirect to a domain of their choosing after a successful login is performed.
CVSS: HIGH (8.2) EPSS Score: 0.06%
December 3rd, 2024 (5 months ago)
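A post-login redirect guard for the CWE-601 pattern described above, added here as an example and not taken from the affected vendor's software. It validates the fully percent-decoded value (the advisory's attack is a URL-encoded parameter), treats backslashes as slashes the way browsers do, and accepts only a same-site path or an https URL to an exact allow-listed host; `safe_next`, the `allowed_hosts` parameter and the sample inputs are constructed for the illustration.

```python
# Added redirect-target guard for the CWE-601 / open-redirect pattern above.
# Not the affected vendor's code; function and samples are constructed.
from typing import Optional, Set
from urllib.parse import unquote, urlsplit


def safe_next(raw: Optional[str], allowed_hosts: Set[str], default: str = "/") -> str:
    """Return `raw` if it is a same-site path or an https URL to an allow-listed host,
    otherwise `default`. Validation runs on the fully percent-decoded value so that
    encoded (or double-encoded) slashes cannot hide an authority component."""
    if not raw:
        return default
    candidate = raw
    for _ in range(3):                      # peel nested percent-encoding, bounded
        decoded = unquote(candidate)
        if decoded == candidate:
            break
        candidate = decoded
    # Browsers treat "\" as "/" in URLs, so "/\evil.example" is really "//evil.example".
    candidate = candidate.replace("\\", "/")
    if any(c in candidate for c in "\r\n\x00"):   # header injection / truncation
        return default
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute URL: only https to an exact, allow-listed host. `hostname` strips
        # userinfo and port, so "https://app.example@evil.example/" is evil.example.
        if parts.scheme == "https" and parts.hostname in allowed_hosts:
            return candidate
        return default
    # Relative target: must be a single-slash path (a "//" prefix is an authority).
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    return candidate


# Constructed probe values a tester would send in the post-login `next` parameter.
SAMPLES = [
    "/dashboard",
    "//evil.example/x",
    "%2F%2Fevil.example",
    "%252F%252Fevil.example",
    "/\\evil.example",
    "https://evil.example/",
    "https://app.example/home",
    "https://app.example@evil.example/",
    "javascript:alert(1)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:40} -> {safe_next(s, {'app.example'})}")
```

The decode loop is bounded on purpose: unbounded decoding turns a validator into a different parser than the one the redirect is later handed to. The reverse mistake, validating the raw encoded string and then letting the framework decode it, is exactly the gap a URL-encoded `//evil.example` slips through.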