Skip to main content
CVE-2023-32181 MEDIUM This Month

A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf allows for DoS via malformed configuration files5.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Libeconf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-22652 MEDIUM This Month

A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files.5.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Libeconf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-32715 MEDIUM This Month

In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk XSS Splunk App For Lookup File Editing
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3026 MEDIUM PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 21.2.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Drawio
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-33716 MEDIUM This Month

mp4v2 v2.1.3 was discovered to contain a memory leak via the class MP4StringProperty at mp4property.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mp4V2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-2985 MEDIUM PATCH This Month

A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32711 MEDIUM This Month

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk XSS
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23954 MEDIUM This Month

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Advanced Secure Gateway Content Analysis
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-32710 MEDIUM This Month

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Splunk Information Disclosure Splunk Cloud Platform
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-28824 MEDIUM This Month

Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Conprosys Hmi System
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-28651 MEDIUM This Month

Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Conprosys Hmi System
NVD
CVSS 3.1
4.8
EPSS
62.4%
CVE-2023-32717 MEDIUM This Month

On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Authentication Bypass Splunk Cloud Platform
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-32709 MEDIUM This Month

In Splunk Enterprise versions below 9.0.5, 8.2.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Authentication Bypass Splunk Cloud Platform
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-34339 LOW PATCH Monitor

In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Ktor
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-32712 LOW Monitor

In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files that, when a vulnerable. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Splunk RCE
NVD
CVSS 3.1
3.1
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy