Threat and Vulnerability Intelligence Database

CVE-2023-39978

Description: ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.

CVSS: LOW (0.0)

EPSS Score: 0.06%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-39340

Description: A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.

CVSS: HIGH (7.5)

EPSS Score: 0.08%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-39018

Description: FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple third parties because there are no realistic use cases in which FFmpeg.java uses untrusted input for the path of the executable file.

CVSS: LOW (0.0)

EPSS Score: 0.25%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-38552

Description: When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and 20.x. Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js.

CVSS: LOW (0.0)

EPSS Score: 1.53%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-38403

Description: iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.

CVSS: LOW (0.0)

EPSS Score: 0.58%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-37306

Description: MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.

CVSS: LOW (0.0)

EPSS Score: 0.13%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-37303

Description: An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message.

CVSS: LOW (0.0)

EPSS Score: 0.25%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-37301

Description: An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-37300

Description: An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users.

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-37299

Description: Joplin before 2.11.5 allows XSS via an AREA element of an image map.

CVSS: LOW (0.0)

EPSS Score: 0.09%

Source: CVE
November 28th, 2024 (5 months ago)