Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-2991 |
Description: Fortra Globalscape EFT's administration server suffers from an information disclosure vulnerability where the serial number of the harddrive that Globalscape is installed on can be remotely determined via a "trial extension request" message
CVSS: LOW (0.0) EPSS Score: 0.07%
December 7th, 2024 (5 months ago)
|
|
CVE-2023-29709 |
Description: An issue was discovered in /cgi-bin/login_rj.cgi in Wildix WSG24POE version 103SP7D190822, allows attackers to bypass authentication.
CVSS: LOW (0.0) EPSS Score: 0.1%
December 7th, 2024 (5 months ago)
|
|
CVE-2023-29708 |
Description: An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload.
CVSS: LOW (0.0) EPSS Score: 0.1%
December 7th, 2024 (5 months ago)
|
|
CVE-2023-29707 |
Description: Cross Site Scripting (XSS) vulnerability in GBCOM LAC WEB Control Center version lac-1.3.x, allows attackers to create an arbitrary device.
CVSS: LOW (0.0) EPSS Score: 0.07%
December 7th, 2024 (5 months ago)
|
|
CVE-2023-29405 |
Description: The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.
CVSS: LOW (0.0) EPSS Score: 0.93%
December 7th, 2024 (5 months ago)
|
|
CVE-2023-2911 |
Description: If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow.
This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.
CVSS: HIGH (7.5) EPSS Score: 0.1%
December 7th, 2024 (5 months ago)
|
|
CVE-2023-28800 |
Description: When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login.
CVSS: HIGH (8.1) EPSS Score: 0.18%
December 7th, 2024 (5 months ago)
|
|
CVE-2023-28642 |
Description: runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.
CVSS: MEDIUM (6.1) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
|
CVE-2023-2831 |
Description: Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters.
CVSS: MEDIUM (4.3) EPSS Score: 0.09%
December 7th, 2024 (5 months ago)
|
|
CVE-2023-2829 |
Description: A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record.
This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.
CVSS: HIGH (7.5) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|