CVE-2023-31100 |
Description: Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification.
This issue affects SecureCore™ Technology™ 4:
* from 4.3.0.0 before 4.3.0.203
* from 4.3.1.0 before 4.3.1.163
* from 4.4.0.0 before 4.4.0.217
* from 4.5.0.0 before 4.5.0.138
CVSS: HIGH (8.4) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
CVE-2023-29076 |
Description: A maliciously crafted MODEL, SLDASM, SAT or CATPART file, when parsed through Autodesk AutoCAD 2024 and 2023, could cause a memory corruption vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
CVSS: LOW (0.0) EPSS Score: 0.27%
December 3rd, 2024 (6 months ago)
|
CVE-2023-29065 |
Description: The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.
CVSS: MEDIUM (4.1) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
CVE-2023-28895 |
Description: The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip.
Vulnerability found on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.
CVSS: LOW (3.5) EPSS Score: 0.05%
December 3rd, 2024 (6 months ago)
|
CVE-2023-28812 |
Description: A buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers with this plug-in installed, which could lead to arbitrary code execution or cause a process exception in the plug-in.
CVSS: CRITICAL (9.1) EPSS Score: 0.28%
December 3rd, 2024 (6 months ago)
|
CVE-2023-28802 |
Description: An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. This issue affects Client Connector: before 4.2.0.149.
CVSS: MEDIUM (4.9) EPSS Score: 0.06%
December 3rd, 2024 (6 months ago)
|
CVE-2023-28586 |
Description: Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.
CVSS: MEDIUM (6.0) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
CVE-2023-28461 |
Description: Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."
CVSS: LOW (0.0) EPSS Score: 35.59%
December 3rd, 2024 (6 months ago)
|
CVE-2023-28022 |
Description: HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.
CVSS: LOW (3.5) EPSS Score: 0.06%
December 3rd, 2024 (6 months ago)
|
CVE-2023-28017 |
Description: HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after they visit the vulnerable URL, which leads to execution of malicious script code. This may let the attacker steal cookie-based authentication credentials and compromise a user's account, then launch other attacks.
CVSS: MEDIUM (5.4) EPSS Score: 0.05%
December 3rd, 2024 (6 months ago)
|