CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked; 53,274 with exploits; 4,730 exploited in wild; 1,542 CISA KEV; 3,929 Nuclei templates; 37,826 vendors; 42,555 researchers
688 results
CVE-2023-23501 5.5 MEDIUM EPSS 0.00
Apple Macos < 13.2 - Exposure to Wrong Actor
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. An app may be able to disclose kernel memory.
CWE-668 Feb 27, 2023
CVE-2023-27265 2.7 LOW EPSS 0.00
Mattermost - Info Disclosure
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
CWE-200 Feb 27, 2023
CVE-2022-44310 7.5 HIGH EPSS 0.00
IL ecdh <0.2.0 - Info Disclosure
In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.
CWE-668 Feb 24, 2023
CVE-2023-0481 3.3 LOW EPSS 0.00
Quarkus - Info Disclosure
In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.
CWE-378 Feb 24, 2023
CVE-2023-26081 7.5 HIGH EPSS 0.00
Epiphany <43.0 - Info Disclosure
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
CWE-668 Feb 20, 2023
CVE-2022-39952 9.8 CRITICAL EXPLOITED 6 PoCs Analysis NUCLEI EPSS 0.94
Fortinet FortiNAC keyUpload.jsp arbitrary file write
An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.
CWE-668 Feb 16, 2023
CVE-2023-25192 5.3 MEDIUM EPSS 0.00
AMI Megarac Sp-x - Exposure to Wrong Actor
AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00.
CWE-668 Feb 15, 2023
CVE-2023-21714 5.5 MEDIUM EPSS 0.02
Microsoft Office - Info Disclosure
Microsoft Office Information Disclosure Vulnerability
CWE-125 Feb 14, 2023
CVE-2023-21687 5.5 MEDIUM EPSS 0.03
Microsoft Windows HTTP.sys - Information Disclosure
HTTP.sys Information Disclosure Vulnerability
CWE-125 Feb 14, 2023
CVE-2023-24523 8.8 HIGH EPSS 0.00
SAP Host Agent <7.22 - Privilege Escalation
An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges. The OS command can read or modify any user or system data and can make the system unavailable.
CWE-668 Feb 14, 2023
CVE-2022-34387 6.4 MEDIUM EPSS 0.00
Dell Supportassist For Business Pcs < 3.2.0 - Exposure to Wrong Actor
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system.
CWE-377 Feb 11, 2023
CVE-2022-34364 4.4 MEDIUM EPSS 0.00
BSAFE SSL-J <6.5, 7.0 - Info Disclosure
Dell BSAFE SSL-J, versions before 6.5 and version 7.0, contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.
CWE-1295 Feb 10, 2023
CVE-2022-4903 5.0 MEDIUM 1 Writeup EPSS 0.00
CodenameOne <7.0.70 - SSRF
A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 7.0.71 is able to address this issue. The patch is identified as dad49c9ef26a598619fc48d2697151a02987d478. It is recommended to upgrade the affected component. VDB-220470 is the identifier assigned to this vulnerability.
CWE-927 Feb 10, 2023
CVE-2022-34452 2.7 LOW EPSS 0.00
Dell Powerpath Management Appliance < 3.4 - Information Disclosure
PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains a sensitive information disclosure vulnerability. An authenticated admin user is able to exploit the issue and view sensitive information stored in the logs.
CWE-598 Feb 10, 2023
CVE-2023-21447 4.0 MEDIUM EPSS 0.00
Samsung Cloud < 5.3.0.32 - Improper Access Control
Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent.
CWE-284 Feb 09, 2023
CVE-2023-21445 5.5 MEDIUM EPSS 0.00
Samsung Android - Improper Access Control
Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with MyFiles privilege via implicit intent.
CWE-284 Feb 09, 2023
CVE-2023-21438 2.1 LOW EPSS 0.00
Samsung Android - Improper Access Control
Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder.
CWE-284 Feb 09, 2023
CVE-2022-46756 8.2 HIGH EPSS 0.00
Dell VxRail <7.0.410 - RCE
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
CWE-668 Feb 01, 2023
CVE-2022-22732 3.9 LOW EPSS 0.00
Schneider-electric Ecostruxure Power ... - Exposure to Wrong Actor
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)
CWE-668 Jan 30, 2023
CVE-2022-26329 1.8 LOW EPSS 0.00
NetIQ Identity Manager <4.8.5 - Info Disclosure
File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.
CWE-538 Jan 26, 2023