Skip to main content
CVE-2023-39516 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-39515 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-39512 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-39510 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-39366 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2023-2453 HIGH This Week

There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Phpfusion
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-39448 HIGH PATCH This Week

Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Path Traversal Shirasagi
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-30534 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Cacti Fedora
NVD GitHub
CVSS 3.1
4.3
EPSS
2.6%
CVE-2023-35124 MEDIUM POC This Month

An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Oas Platform
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-34994 MEDIUM POC This Month

An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Oas Platform
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4761 HIGH This Week

Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2023-34998 HIGH This Week

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Oas Platform
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2023-32615 HIGH This Week

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oas Platform
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-4487 HIGH This Week

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cimplicity
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20898 HIGH PATCH This Week

Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Rated high severity (CVSS 7.8). No vendor patch available.

Denial Of Service Salt
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-33021 HIGH PATCH This Week

Memory corruption in Graphics while processing user packets for command submission. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Apq8064au Firmware Aqt1000 Firmware +161
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28573 HIGH This Week

Memory corruption in WLAN HAL while parsing WMI command parameters. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Firmware Aqt1000 Firmware Ar8035 Firmware Ar9380 Firmware +191
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28567 HIGH This Week

Memory corruption in WLAN HAL while handling command through WMI interfaces. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qca9898 Firmware Qcn5164 Firmware Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware +281
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28565 HIGH This Week

Memory corruption in WLAN HAL while handling command streams through WMI interfaces. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 9205 Lte Firmware Apq8017 Firmware Apq8064au Firmware Apq8076 Firmware +288
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28564 HIGH This Week

Memory corruption in WLAN HAL while passing command parameters through WMI interfaces. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Aqt1000 Firmware Ar8031 Firmware Ar9380 Firmware +244
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28560 HIGH This Week

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apq8076 Firmware Apq8084 Firmware Apq8092 Firmware Apq8094 Firmware +263
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28559 HIGH This Week

Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8031 Firmware Ar9380 Firmware Csr8811 Firmware +207
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28558 HIGH This Week

Memory corruption in WLAN handler while processing PhyID in Tx status handler. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +191
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28557 HIGH This Week

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +269
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28549 HIGH This Week

Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8035 Firmware Ar9380 Firmware +216
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28548 HIGH PATCH This Week

Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware +175
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28544 HIGH This Week

Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar9380 Firmware Csr8811 Firmware Csra6620 Firmware +201
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28538 HIGH This Week

Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Aqt1000 Firmware Csra6620 Firmware Csra6640 Firmware +127
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21664 HIGH This Week

Memory Corruption in Core Platform while printing the response buffer in log. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Fsm10056 Firmware Ipq5010 Firmware +133
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21663 HIGH PATCH This Week

Memory Corruption while accessing metadata in Display. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Aqt1000 Firmware Qca6420 Firmware Qca6430 Firmware Qca6574au Firmware +34
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21662 HIGH This Week

Memory corruption in Core Platform while printing the response buffer in log. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Fsm10056 Firmware Ipq5010 Firmware +132
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21655 HIGH PATCH This Week

Memory corruption in Audio while validating and mapping metadata. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Qca6391 Firmware Qca6574au Firmware Qca6696 Firmware +28
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21654 HIGH PATCH This Week

Memory corruption in Audio during playback session with audio effects enabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Apq8096Au Firmware Aqt1000 Firmware Mdm9150 Firmware Mdm9628 Firmware +52
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21644 HIGH This Week

Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Qca6390 Firmware Qca6391 Firmware Qca6420 Firmware +47
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21636 HIGH This Week

Memory Corruption due to improper validation of array index in Linux while updating adn record. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Qca6390 Firmware Qca6391 Firmware Qca6420 Firmware +47
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-4540 HIGH PATCH This Week

Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Lua Http
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-41909 HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Frrouting Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-33020 HIGH PATCH This Week

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass 9206 Lte Firmware Apq8017 Firmware Apq8052 Firmware Apq8056 Firmware +78
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-33019 HIGH PATCH This Week

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass 9206 Lte Firmware Apq8017 Firmware Apq8052 Firmware Apq8056 Firmware +78
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-33016 HIGH This Week

Transient DOS in WLAN firmware while parsing MLO (multi-link operation). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Csr8811 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Immersive Home 214 Firmware +62
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-33015 HIGH This Week

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5G Firmware Aqt1000 Firmware Ar8035 Firmware Ar9380 Firmware +186
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-28584 HIGH PATCH This Week

Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Aqt1000 Firmware Csrb31024 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +66
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-21653 HIGH This Week

Transient DOS in Modem while processing RRC reconfiguration message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ar8035 Firmware Qca8081 Firmware Qca8337 Firmware Qcn6024 Firmware +6
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-21646 HIGH This Week

Transient DOS in Modem while processing invalid System Information Block 1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ar8035 Firmware Qca6390 Firmware Qca6391 Firmware Qca6574a Firmware +50
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-35906 HIGH PATCH This Week

IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Aspera Faspex
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-3375 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Unisign Bookreen allows OS Command Injection.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Command Injection
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2023-4764 MEDIUM This Month

Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-21667 MEDIUM PATCH This Month

Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Qca6390 Firmware Qca6391 Firmware Qca6426 Firmware Qca6436 Firmware +39
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-36492 MEDIUM PATCH This Month

Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Shirasagi
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-39938 MEDIUM This Month

Reflected cross-site scripting vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Video Insight
NVD
CVSS 3.1
6.1
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy