Lucene search

K

Enterprise Security Vulnerabilities

cve
cve

CVE-2023-22074

Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with network access via...

2.4CVSS

2.3AI Score

0.0004EPSS

2023-10-17 10:15 PM
324
cve
cve

CVE-2023-22077

Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having DBA account privilege with network access via Oracle Net to...

4.9CVSS

4.8AI Score

0.0004EPSS

2023-10-17 10:15 PM
310
cve
cve

CVE-2023-22083

Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: Web UI). Supported versions that are affected are 9.0-9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise...

4.3CVSS

3.6AI Score

0.001EPSS

2023-10-17 10:15 PM
17
cve
cve

CVE-2023-22073

Vulnerability in the Oracle Notification Server component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware...

4.3CVSS

3.7AI Score

0.0005EPSS

2023-10-17 10:15 PM
308
cve
cve

CVE-2023-4399

Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn’t call specific hosts. However, the restriction can be bypassed used punycode encoding of the...

7.2CVSS

7AI Score

0.001EPSS

2023-10-17 08:15 AM
258
cve
cve

CVE-2023-4822

Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor.....

7.2CVSS

6.8AI Score

0.001EPSS

2023-10-16 09:15 AM
274
cve
cve

CVE-2023-45176

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: ...

6.2CVSS

5.3AI Score

0.0004EPSS

2023-10-14 04:15 PM
40
cve
cve

CVE-2023-40682

IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: ...

4.4CVSS

4.1AI Score

0.0004EPSS

2023-10-13 04:15 PM
44
cve
cve

CVE-2023-5557

A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate...

7.7CVSS

7.4AI Score

0.005EPSS

2023-10-13 02:15 AM
88
cve
cve

CVE-2023-42752

An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating skb_shared_info in the userspace, which is exploitable in systems without SMAP protection since skb_shared_info contains references to function...

5.5CVSS

6.2AI Score

0.0004EPSS

2023-10-13 02:15 AM
74
cve
cve

CVE-2023-43789

A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the...

5.5CVSS

5.1AI Score

0.0004EPSS

2023-10-12 12:15 PM
431
cve
cve

CVE-2023-40829

There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and...

7.5CVSS

7.5AI Score

0.001EPSS

2023-10-12 05:15 AM
19
cve
cve

CVE-2023-36569

Microsoft Office Elevation of Privilege...

8.4CVSS

8.2AI Score

0.001EPSS

2023-10-10 06:15 PM
89
cve
cve

CVE-2023-36568

Microsoft Office Click-To-Run Elevation of Privilege...

7CVSS

6.9AI Score

0.001EPSS

2023-10-10 06:15 PM
72
cve
cve

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...

7.5CVSS

8AI Score

0.732EPSS

2023-10-10 02:15 PM
2909
In Wild
cve
cve

CVE-2023-43786

A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service...

5.5CVSS

5.7AI Score

0.0004EPSS

2023-10-10 01:15 PM
435
cve
cve

CVE-2023-43787

A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated...

7.8CVSS

7.7AI Score

0.0004EPSS

2023-10-10 01:15 PM
432
cve
cve

CVE-2023-43788

A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the...

5.5CVSS

5.1AI Score

0.0004EPSS

2023-10-10 01:15 PM
427
cve
cve

CVE-2023-43785

A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the...

6.5CVSS

5.6AI Score

0.0004EPSS

2023-10-10 01:15 PM
436
cve
cve

CVE-2023-39192

A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a...

6.7CVSS

5.5AI Score

0.0004EPSS

2023-10-09 06:15 PM
408
cve
cve

CVE-2023-39193

A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information...

6.1CVSS

7.1AI Score

0.0004EPSS

2023-10-09 06:15 PM
419
cve
cve

CVE-2023-39194

A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially...

4.4CVSS

4.1AI Score

0.0005EPSS

2023-10-09 06:15 PM
447
cve
cve

CVE-2023-39189

A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information...

6CVSS

5.5AI Score

0.0004EPSS

2023-10-09 06:15 PM
135
cve
cve

CVE-2023-3589

A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the...

7.5CVSS

7.5AI Score

0.001EPSS

2023-10-09 09:15 AM
28
cve
cve

CVE-2023-5366

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to...

7.1CVSS

5.4AI Score

0.0004EPSS

2023-10-06 06:15 PM
58
cve
cve

CVE-2023-42755

A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the rsvp_classify function. This issue may allow a local user to crash the system and cause a denial of...

6.5CVSS

5.2AI Score

0.001EPSS

2023-10-05 07:15 PM
149
cve
cve

CVE-2023-40745

LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer...

6.5CVSS

7AI Score

0.001EPSS

2023-10-05 07:15 PM
122
cve
cve

CVE-2023-41175

A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer...

6.5CVSS

6.9AI Score

0.001EPSS

2023-10-05 07:15 PM
110
cve
cve

CVE-2023-42754

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN...

5.5CVSS

7AI Score

0.0004EPSS

2023-10-05 07:15 PM
431
cve
cve

CVE-2023-3576

A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial....

5.5CVSS

5.6AI Score

0.0004EPSS

2023-10-04 07:15 PM
121
cve
cve

CVE-2023-39191

An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and...

8.2CVSS

8.1AI Score

0.0005EPSS

2023-10-04 07:15 PM
95
cve
cve

CVE-2023-3428

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of...

6.2CVSS

6.1AI Score

0.0004EPSS

2023-10-04 07:15 PM
81
cve
cve

CVE-2023-5113

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via...

6.1CVSS

6.2AI Score

0.0004EPSS

2023-10-04 03:15 PM
31
cve
cve

CVE-2023-3971

An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete...

7.3CVSS

5.4AI Score

0.001EPSS

2023-10-04 03:15 PM
87
cve
cve

CVE-2023-4380

A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and...

6.3CVSS

6AI Score

0.001EPSS

2023-10-04 03:15 PM
92
cve
cve

CVE-2023-3153

A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly...

5.3CVSS

5.3AI Score

0.001EPSS

2023-10-04 12:15 PM
32
cve
cve

CVE-2022-4132

A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login...

5.9CVSS

5.7AI Score

0.0005EPSS

2023-10-04 12:15 PM
61
cve
cve

CVE-2023-2422

A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to...

7.1CVSS

7.1AI Score

0.001EPSS

2023-10-04 11:15 AM
102
cve
cve

CVE-2023-4911

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute...

7.8CVSS

8AI Score

0.014EPSS

2023-10-03 06:15 PM
906
In Wild
cve
cve

CVE-2023-5255

For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being...

7.5CVSS

7.4AI Score

0.0005EPSS

2023-10-03 06:15 PM
146
cve
cve

CVE-2023-4732

A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t...

4.7CVSS

5.3AI Score

0.0004EPSS

2023-10-03 05:15 PM
123
cve
cve

CVE-2023-3440

Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management -...

8.4CVSS

7.6AI Score

0.0004EPSS

2023-10-03 02:15 AM
43
cve
cve

CVE-2023-37605

Weak Exception Handling vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password...

5.5CVSS

7.3AI Score

0.0004EPSS

2023-10-02 07:15 PM
22
cve
cve

CVE-2023-44488

VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to...

7.5CVSS

7.9AI Score

0.001EPSS

2023-09-30 08:15 PM
414
cve
cve

CVE-2022-35908

Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in...

8.8CVSS

8.6AI Score

0.001EPSS

2023-09-29 09:15 PM
29
cve
cve

CVE-2023-5077

The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault...

7.6CVSS

7.3AI Score

0.0005EPSS

2023-09-29 12:15 AM
100
cve
cve

CVE-2023-3775

A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4,...

4.9CVSS

5AI Score

0.0004EPSS

2023-09-29 12:15 AM
93
cve
cve

CVE-2023-5215

A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function....

6.5CVSS

6.1AI Score

0.0004EPSS

2023-09-28 02:15 PM
100
cve
cve

CVE-2023-42756

A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of __ip_set_put on a wrong set. This issue may allow a local user to crash the...

4.7CVSS

5.6AI Score

0.0004EPSS

2023-09-28 02:15 PM
89
cve
cve

CVE-2023-4066

A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ...

5.5CVSS

5.4AI Score

0.0004EPSS

2023-09-27 09:15 PM
99
Total number of security vulnerabilities8264