Skip to main content
CVE-2023-20163 HIGH This Week

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Identity Services Engine
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-20166 MEDIUM This Month

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Cisco Identity Services Engine
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-2025 MEDIUM This Month

OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openblue Enterprise Manager Data Collector
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-31597 MEDIUM PATCH This Month

An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Zammad
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-20171 MEDIUM This Month

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-20110 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure SQLi Smart Software Manager On Prem
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-20087 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-20077 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-33203 MEDIUM PATCH This Month

The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required.

Race Condition Qualcomm Linux Information Disclosure Linux Kernel +1
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2023-30487 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Learnpress
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1195 MEDIUM PATCH This Month

A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Linux Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-2782 MEDIUM This Month

Sensitive information disclosure due to improper authorization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Cyber Infrastructure
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-30780 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS User Ip And Location
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23999 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Google Analytics Dashboard
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23667 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Brands For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29857 MEDIUM This Month

An issue in Teslamate v1.27.1 allows attackers to obtain sensitive information via directly accessing the teslamate link. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teslamate
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-20174 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XXE SSRF Identity Services Engine
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2023-20173 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XXE SSRF Identity Services Engine
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-20172 MEDIUM This Month

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2023-20167 MEDIUM This Month

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Identity Services Engine
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-32515 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Custom Field Suite
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-31233 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Baidu Tongji Generator
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-20184 MEDIUM This Month

Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Catalyst Center
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-20183 MEDIUM This Month

Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Catalyst Center
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-20106 LOW Monitor

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine
NVD
CVSS 3.1
3.8
EPSS
0.4%
CVE-2023-28369 LOW Monitor

Brother iPrint&Scan V6.11.2 and earlier contains an improper access control vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Iprint Scan
NVD
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy