Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-48399 |
Description: In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-48389 |
Description: Multisuns EasyLog web+ has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.
CVSS: HIGH (7.5) EPSS Score: 0.07%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-4677 |
Description: Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS <= 772.
CVSS: HIGH (7.0) EPSS Score: 0.17%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-45774 |
Description: In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possible way to view another user's image due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-45727 |
🚨 Marked as known exploited on December 3rd, 2024 (5 months ago).
Description: Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.
CVSS: LOW (0.0) EPSS Score: 23.62%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-45084 |
Description: An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity.
This issue only impacts SoftIron HyperCloud "density" storage nodes running HyperCloud software versions 1.0 to before 2.0.3.
CVSS: HIGH (7.0) EPSS Score: 0.05%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-44221 |
Description: Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.
CVSS: LOW (0.0) EPSS Score: 0.14%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-42744 |
Description: In telecom service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-42742 |
Description: In sysui, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-42731 |
Description: In Gnss service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|