Skip to main content
CVE-2023-40061 HIGH This Week

Insecure job execution mechanism vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Solarwinds Platform
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-33227 HIGH This Week

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Network Configuration Manager
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-33226 HIGH This Week

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Network Configuration Manager
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-4197 HIGH PATCH This Week

Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE PHP Dolibarr Erp Crm
NVD GitHub
CVSS 3.1
8.8
EPSS
32.8%
CVE-2023-47098 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability in the Manage Extra Admins under Administration Options in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the real. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Virtualmin
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-20095 HIGH This Week

A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2023-20083 HIGH This Week

A vulnerability in ICMPv6 inspection when configured with the Snort 2 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower Threat Defense
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2023-20042 HIGH This Week

A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2023-20244 HIGH This Week

A vulnerability in the internal packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Firewalls could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower Threat Defense
NVD
CVSS 3.1
8.6
EPSS
0.8%
CVE-2023-20086 HIGH This Week

A vulnerability in ICMPv6 processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2023-20063 HIGH This Week

A vulnerability in the inter-device communication mechanisms between devices that are running Cisco Firepower Threat Defense (FTD) Software and devices that are running Cisco Firepower Management. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Cisco Code Injection Firepower Threat Defense Secure Firewall Management Center
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-3972 HIGH PATCH This Week

A vulnerability was found in insights-client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation RCE Insights Client Enterprise Linux Enterprise Linux Aus +16
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-46724 HIGH PATCH This Week

Squid is a caching proxy for the Web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

OpenSSL Buffer Overflow Information Disclosure Denial Of Service Squid
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%
CVE-2023-5627 HIGH This Week

A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nport 6150 T Firmware Nport 6150 Firmware Nport 6250 M Sc T Firmware Nport 6250 M Sc Firmware +23
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-4452 HIGH This Week

A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Edr G903 Firmware Edr G903 T Firmware Edr G902 Firmware Edr G902 T Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-5625 HIGH PATCH This Week

A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Red Hat Python Denial Of Service Openshift Container Platform For Arm64 Openshift Container Platform For Linuxone +3
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-5847 HIGH This Week

Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Nessus Nessus Agent
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-20196 HIGH This Week

Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Cisco Identity Services Engine
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-20195 HIGH This Week

Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Cisco Identity Services Engine
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-20170 MEDIUM This Month

A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Identity Services Engine
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2023-42655 MEDIUM This Month

In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-1193 MEDIUM PATCH This Month

A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-1192 MEDIUM This Month

A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-20155 MEDIUM This Month

A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Secure Firewall Management Center
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-20114 MEDIUM This Month

A vulnerability in the file download feature of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to download arbitrary files from an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Secure Firewall Management Center
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-2621 MEDIUM This Month

The McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write vulnerability on the MAIN computer system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Modular Advanced Control For Hvdc
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-46278 MEDIUM This Month

Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cybozu Remote Service
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-3397 MEDIUM PATCH This Month

A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. Rated medium severity (CVSS 6.3). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-5480 MEDIUM This Month

Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome Debian Linux Fedora
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-20264 MEDIUM This Month

A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 single sign-on (SSO) for remote access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-20206 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-20074 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-20041 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-20005 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-20071 MEDIUM This Month

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Firepower Threat Defense Cyber Vision Unified Threat Defense +1
NVD
CVSS 3.1
5.8
EPSS
0.5%
CVE-2023-20270 MEDIUM This Month

A vulnerability in the interaction between the Server Message Block (SMB) protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower Threat Defense
NVD
CVSS 3.1
5.8
EPSS
0.7%
CVE-2023-20256 MEDIUM This Month

Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
5.8
EPSS
0.6%
CVE-2023-20245 MEDIUM This Month

Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
5.8
EPSS
0.5%
CVE-2023-46928 MEDIUM PATCH This Month

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-46927 MEDIUM PATCH This Month

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-46931 MEDIUM PATCH This Month

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-46930 MEDIUM PATCH This Month

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42654 MEDIUM This Month

In dm service, there is a possible missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-42653 MEDIUM This Month

In faceid service, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-42652 MEDIUM This Month

In engineermode, there is a possible missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-42651 MEDIUM This Month

In engineermode, there is a possible missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-42650 MEDIUM This Month

In engineermode, there is a possible missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-42649 MEDIUM This Month

In engineermode, there is a possible missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-42648 MEDIUM This Month

In engineermode, there is a possible missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-42647 MEDIUM This Month

In Ifaa service, there is a possible way to write permission usage records of an app due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy