CVE-2023-44324
Adobe FrameMaker Publishing Server versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. An unauthenticated attacker can abuse this vulnerability to access the API and leak the default admin's password. Exploitation of this...
PT-2023-7163 · Adobe · Framemaker Publishing Server
Name of the Vulnerable Software and Affected Versions: Adobe FrameMaker Publishing Server versions 2022 and earlier Description: The issue is related to an improper authentication vulnerability that could result in a security feature bypass. An unauthenticated attacker can exploit this to access...
MikroTik RouterOS Security Vulnerability
MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in PCs to enable them to provide router functionality. A security vulnerability exists in MikroTik RouterOS versions v7.1 through 7.11 that stems from the presence of a...
ROS-20231109-02
The vulnerability in GLPI's request and incident handling system is related to information disclosure. Exploitation of the vulnerability could allow a remote attacker to obtain user logins. The GLPI request and incident handling system vulnerability is related to the lack of path filtering by...
PT-2023-29831 · Lenovo · Thinksystem
Name of the Vulnerable Software and Affected Versions: ThinkSystem versions v2 and v3 Description: An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. Recommendations: For ThinkSystem versions v2 and v3, consider...
PYSEC-2023-218
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuratio...
UBUNTU-CVE-2023-41321
GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. An API user can enumerate sensitive field values on resources to which they have read access. Users are...
Zoho ManageEngine ADManager Plus Authorization Issues Vulnerability
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...
GHSA-GJ2R-PHWG-6RWW Kubernetes users may update Pod labels to bypass network policy
Impact: An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels to select the policies which apply to the workload in question. This can affect:...
PT-2023-26893 · Cilium · Cilium
Name of the Vulnerable Software and Affected Versions: Cilium versions prior to 1.14.2 Cilium versions prior to 1.13.7 Cilium versions prior to 1.12.14 Description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update po...
CVE-2023-41301
Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally...
CVE-2023-41301
CVE-2023-41301 describes a vulnerability in the PMS module enabling unauthorized API access, with exploitation potentially causing features to behave abnormally. The NVD entry lists a CVSS v3.1 base score of 7.5 (HIGH), with network attack vector, no privileges required, no user interaction, and ...
PT-2023-27889 · Unknown · Pms Module
Name of the Vulnerable Software and Affected Versions: PMS module affected versions not specified Description: The issue concerns unauthorized API access in the PMS module, which may lead to abnormal feature performance upon successful exploitation. Recommendations: At the moment, there is no...
MinIO Security Feature Bypass Vulnerability
MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket to conduct privilege escalation. To carry out this attack, the attacker requires...
PT-2023-30290 · Unknown · Codemeter Runtime
Name of the Vulnerable Software and Affected Versions: CodeMeter Runtime versions prior to 7.60c Description: The issue is related to an Improper Privilege Management vulnerability, which occurs due to the incorrect use of privileged APIs in CodeMeter Runtime. This allows a local, low-privileged...
CVE-2023-1555
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API...
CVE-2023-1555
Removed by vendor...