CVE-2023-35800 |
Description: Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators.
CVSS: LOW (0.0) EPSS Score: 0.07%
December 3rd, 2024 (5 months ago)
|
CVE-2023-35799 |
Description: Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
CVE-2023-35690 |
Description: In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS: LOW (0.0) EPSS Score: 0.12%
December 3rd, 2024 (5 months ago)
|
CVE-2023-34839 |
Description: A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a custom CSRF exploit targeting the create new user function in the application.
CVSS: LOW (0.0) EPSS Score: 0.17%
December 3rd, 2024 (5 months ago)
|
CVE-2023-34838 |
Description: A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 3rd, 2024 (5 months ago)
|
CVE-2023-34837 |
Description: A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 3rd, 2024 (5 months ago)
|
CVE-2023-34389 |
Description: An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time.
See product Instruction Manual Appendix A dated 20230830 for more details.
CVSS: MEDIUM (4.5) EPSS Score: 0.09%
December 3rd, 2024 (5 months ago)
|
CVE-2023-34203 |
Description: In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and 12.3.x through 12.6.x before 12.7.
CVSS: LOW (0.0) EPSS Score: 0.18%
December 3rd, 2024 (5 months ago)
|
CVE-2023-34188 |
Description: The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests.
CVSS: LOW (0.0) EPSS Score: 0.16%
December 3rd, 2024 (5 months ago)
|
CVE-2023-3371 |
Description: The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to a hardcoded encryption key in the 'lock_content_form_handler' and 'display_password_form' functions in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view the password-protected content.
CVSS: MEDIUM (5.3) EPSS Score: 0.16%
December 3rd, 2024 (5 months ago)
|