Skip to main content
CVE-2023-2002 MEDIUM POC This Month

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
6.8
EPSS
1.5%
CVE-2023-2858 MEDIUM POC This Month

NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Citrix Wireshark +1
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2023-2857 MEDIUM POC This Month

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-2856 MEDIUM POC This Month

VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2023-2855 MEDIUM POC This Month

Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-2854 MEDIUM POC This Month

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-33720 MEDIUM POC This Month

mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mp4V2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-33255 MEDIUM POC This Month

An issue was discovered in Papaya Viewer 1.0.1449. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Papaya Viewer
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-28321 MEDIUM POC This Month

An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Debian Linux Fedora Clustered Data Ontap +6
NVD
CVSS 3.1
5.9
EPSS
1.8%
CVE-2023-28320 MEDIUM POC This Month

A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Curl macOS Clustered Data Ontap Ontap Antivirus Connector +4
NVD
CVSS 3.1
5.9
EPSS
2.7%
CVE-2023-1981 MEDIUM POC This Month

A vulnerability was found in the avahi library. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Avahi Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-33196 MEDIUM POC PATCH This Month

Craft is a CMS for creating custom digital experiences. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Craft Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-33185 MEDIUM POC PATCH This Month

Django-SES is a drop-in mail backend for Django. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Jwt Attack Information Disclosure Django Ses
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-33197 MEDIUM POC PATCH This Month

Craft is a CMS for creating custom digital experiences on the web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Craft Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-33780 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the body. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Smartcars 3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-33394 MEDIUM POC This Month

skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Skycaiji
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33194 MEDIUM POC PATCH This Month

Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Craft Cms Craftercms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-32323 MEDIUM POC PATCH This Month

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Synapse
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
CVE-2023-32318 MEDIUM PATCH This Month

Nextcloud server provides a home for data. Rated medium severity (CVSS 6.7).

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-32319 MEDIUM PATCH This Month

Nextcloud server is an open source personal cloud implementation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-33187 MEDIUM PATCH This Month

Highlight is an open source, full-stack monitoring platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Highlight
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-2283 MEDIUM This Month

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Libssh Fedora Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-1667 MEDIUM This Month

A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Libssh Fedora Debian Linux +1
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-1664 MEDIUM PATCH This Month

A flaw was found in Keycloak. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Build Of Quarkus Jboss A Mq Keycloak Migration Toolkit For Runtimes +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-32681 MEDIUM PATCH This Month

Requests is a HTTP library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Requests Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
3.0%
CVE-2023-20868 MEDIUM This Month

NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vmware Nsx T Data Center
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-29098 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Copysafe Web Protection
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-20882 MEDIUM This Month

In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Cf Deployment Routing Release
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-2817 MEDIUM PATCH This Month

A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Craft Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33199 MEDIUM PATCH This Month

Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rekor
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-27311 MEDIUM This Month

NetApp Blue XP Connector versions prior to 3.9.25 expose information via a directory listing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Blue Xp Connector
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-0117 MEDIUM This Month

The online authentication provided by the hwKitAssistant lacks strict identity verification of applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-25781 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Upload File Type Settings Plugin
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2898 MEDIUM PATCH This Month

There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Debian Linux +5
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2023-32316 MEDIUM This Month

CloudExplorer Lite is an open source cloud management tool. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cloudexplorer
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-32311 MEDIUM This Month

CloudExplorer Lite is an open source cloud management platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cloudexplorer
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy