Skip to main content
CVE-2023-32629 HIGH POC PATCH Act Now

Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Ubuntu Privilege Escalation Authentication Bypass Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
8.9%
CVE-2023-2640 HIGH POC PATCH THREAT Act Now

On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Ubuntu Authentication Bypass Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
15.8%
CVE-2023-30577 HIGH POC This Week

AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Amanda
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-30367 HIGH POC This Week

Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mremoteng
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-38672 HIGH POC PATCH This Week

FPE in paddle.trace in PaddlePaddle before 2.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-38670 HIGH POC PATCH This Week

Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-38433 HIGH POC This Week

Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ip He950E Firmware Ip He950D Firmware Ip He900E Firmware Ip He900D Firmware +7
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2023-28130 HIGH POC THREAT This Week

Local user may lead to privilege escalation using Gaia Portal hostnames page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Gaia Portal
NVD
CVSS 3.1
7.2
EPSS
21.4%
CVE-2023-38555 HIGH This Week

Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Si R 30B Firmware Si R 130B Firmware Si R 90Brin Firmware Si R570B Firmware +12
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26911 HIGH This Week

ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Armoury Crate Setupasusservices
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39261 HIGH This Week

In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intellij Idea
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-38285 HIGH This Week

Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modsecurity
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-3442 HIGH PATCH This Week

A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Servicenow Devops
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-23842 HIGH This Week

The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Network Configuration Monitor
NVD
CVSS 3.1
7.2
EPSS
3.3%
CVE-2023-33225 HIGH This Week

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Solarwinds Platform
NVD
CVSS 3.1
7.2
EPSS
3.3%
CVE-2023-33224 HIGH This Week

The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Solarwinds Platform
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2023-23844 HIGH This Week

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Solarwinds Platform
NVD
CVSS 3.1
7.2
EPSS
3.0%
CVE-2023-23843 HIGH This Week

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Solarwinds Platform
NVD
CVSS 3.1
7.2
EPSS
2.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy