CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Zero Day Initiative•added 2024/03/28 12:0 a.m.•33 views

Linux Kernel nft_exthdr_tcp_eval Stack-based Buffer Overflow Information Disclosure Vulnerability

7.3CVSS6.5AI score0.00007EPSS

NCSC•added 2024/03/06 12:0 a.m.•5 views

Vulnerabilities fixed in ArubaOS and Aruba SD-WAN

Aruba Networks has fixed vulnerabilities in ArubaOS and SD-WAN as used by, among others, Aruba Mobility Conductor former Mobility Master, Mobility Controllers, Access-Points and SD-WAN Gateways. A malicious party can exploit the vulnerabilities to launch a denial-of-service DoS, gain access to...

9.1CVSS8AI score0.00133EPSS

Exploits0

Zero Day Initiative•added 2024/02/28 12:0 a.m.•17 views

NI FlexLogger TagHistorian Missing Authorization Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TagHistorian...

7.8CVSS7.8AI score0.00083EPSS

Exploits1References1

Zero Day Initiative•added 2024/02/28 12:0 a.m.•18 views

NI FlexLogger DocumentManager Missing Authorization Local Privilege Escalation Vulnerability

7.8CVSS7.8AI score0.00083EPSS

Exploits1References1

Zero Day Initiative•added 2024/02/21 12:0 a.m.•31 views

Schneider Electric EcoStruxure IT Gateway Hard-Coded Credentials Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric EcoStruxure IT Gateway. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

7CVSS7.5AI score0.00109EPSS

Zero Day Initiative•added 2024/02/09 12:0 a.m.•23 views

X.Org Server DisableDevice Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DisableDevice...

7.8CVSS7.5AI score0.00239EPSS

NVD•added 2024/01/23 9:15 p.m.•15 views

CVE-2023-52338

A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged cod...

7.8CVSS7.8AI score0.00148EPSS

NVD•added 2024/01/23 9:15 p.m.•10 views

CVE-2023-52331

A post-authenticated server-side request forgery SSRF vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.1CVSS7AI score0.00265EPSS

NVD•added 2024/01/23 9:15 p.m.•11 views

CVE-2023-52091

An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS7.7AI score0.00054EPSS

NVD•added 2024/01/23 9:15 p.m.•13 views

CVE-2023-47193

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

NVD•added 2024/01/23 9:15 p.m.•17 views

CVE-2023-47194

NVD•added 2024/01/23 9:15 p.m.•8 views

CVE-2023-38625

A post-authenticated server-side request forgery SSRF vulnerability in Trend Micro Apex Central 2019 lower than build 6481 could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

5.4CVSS5.5AI score0.00148EPSS

NVD•added 2024/01/23 9:15 p.m.•10 views

CVE-2023-47201

A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

7.8CVSS7.7AI score0.00047EPSS

NVD•added 2024/01/23 9:15 p.m.•16 views

CVE-2023-47195

NVD•added 2024/01/23 9:15 p.m.•8 views

CVE-2023-38624

5.4CVSS5.5AI score0.00148EPSS

NVD•added 2024/01/23 9:15 p.m.•15 views

CVE-2023-47192

An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

7.8CVSS7.8AI score0.0008EPSS

NVD•added 2024/01/23 9:15 p.m.•14 views

CVE-2023-47197