CVE-2023-27561 |
Description: runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 7th, 2024 (5 months ago)
|
CVE-2023-27266 |
Description: Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
CVSS: LOW (2.7) EPSS Score: 0.05%
December 7th, 2024 (5 months ago)
|
CVE-2023-27265 |
Description: Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
CVSS: LOW (2.7) EPSS Score: 0.05%
December 7th, 2024 (5 months ago)
|
CVE-2023-27264 |
Description: A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API.
CVSS: HIGH (7.1) EPSS Score: 0.05%
December 7th, 2024 (5 months ago)
|
CVE-2023-27263 |
Description: A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of.
CVSS: MEDIUM (4.3) EPSS Score: 0.06%
December 7th, 2024 (5 months ago)
|
CVE-2023-27243 |
Description: An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API.
CVSS: LOW (0.0) EPSS Score: 0.18%
December 7th, 2024 (5 months ago)
|
CVE-2023-27083 |
Description: An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality.
CVSS: LOW (0.0) EPSS Score: 0.19%
December 7th, 2024 (5 months ago)
|
CVE-2023-25435 |
Description: libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 7th, 2024 (5 months ago)
|
CVE-2023-2515 |
Description: Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin.
CVSS: MEDIUM (4.7) EPSS Score: 0.11%
December 7th, 2024 (5 months ago)
|
CVE-2023-2514 |
Description: Mattermost Server fails to redact the DB username and password before emitting an application log during server initialization.
CVSS: MEDIUM (6.7) EPSS Score: 0.12%
December 7th, 2024 (5 months ago)
|