Skip to main content
CVE-2023-46603 HIGH POC This Week

In International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Demoiccmax
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-46602 HIGH POC This Week

In International Color Consortium DemoIccMAX 79ecb74, there is a stack-based buffer overflow in the icFixXml function in IccXML/IccLibXML/IccUtilXml.cpp in libIccXML.a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Demoiccmax
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-42295 HIGH POC This Week

An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Denial Of Service Openimageio
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-45966 HIGH POC This Week

umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Remark42
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-46122 HIGH POC PATCH This Week

sbt is a build tool for Scala, Java, and others. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Io Sbt
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-33839 HIGH PATCH This Week

IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection IBM Security Verify Governance
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-5246 HIGH This Week

Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fx0 Gent00000 Firmware Fx0 Gent00010 Firmware Fx0 Gent00030 Firmware Fx0 Get00000 Firmware +9
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-5633 HIGH PATCH This Week

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation VMware Linux Kernel Codeready Linux Builder Codeready Linux Builder Eus +19
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-43066 HIGH This Week

Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment Unity Xt Operating Environment Unityvsa Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28796 HIGH This Week

Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection.3.1.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Client Connector
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28795 HIGH This Week

Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process.3.1.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Client Connector
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28793 HIGH This Week

Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection.3.1.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Code Injection Client Connector
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-33517 HIGH This Week

carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Carrental
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-33837 HIGH PATCH This Week

IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-43045 HIGH PATCH This Week

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-43074 HIGH This Week

Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Unity Operating Environment Unity Xt Operating Environment Unityvsa Operating Environment
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-43622 HIGH This Week

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Http Server
NVD
CVSS 3.1
7.5
EPSS
70.6%
CVE-2023-31122 HIGH This Week

Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.4.57. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apache Debian Linux Http Server +1
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2023-46324 HIGH PATCH This Week

pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Udm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-46319 HIGH This Week

WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bastion
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-28797 HIGH This Week

Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Client Connector
NVD
CVSS 3.1
7.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy