
929 matches found

CVE
added 2023/06/07 12:0 a.m., 70 views

CVE-2023-2013

CVE-2023-2013 affects GitLab CE/EE with versions starting from 1.2 up to 15.10.8, versions from 15.11 up to 15.11.7, and 16.0 up to 16.0.2. The issue arises from a discrepancy between the web application display and the Git CLI, which can be abused to social engineer victims into cloning non-trus...

CVSS 4.3, AI score 4.2, EPSS 0.00225
Exploits: 0, References: 3, Affected Software: 1
Tenable Nessus
added 2023/06/05 12:0 a.m., 18 views

GitLab 1.2 < 15.10.8 / 15.11 < 15.11.7 / 16.0 < 16.0.2 (CVE-2023-2013)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An...

CVSS 4.3, AI score 5, EPSS 0.00225
Exploits: 0, References: 4
OSV
added 2023/05/30 8:15 p.m., 1 view

CVE-2023-31186

Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy...

CVSS 5.3, AI score 6.1
Exploits: 0, References: 1
NVD
added 2023/05/30 8:15 p.m., 13 views

CVE-2023-31186

Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy...

CVSS 5.3, AI score 5.3, EPSS 0.0022
Exploits: 0, References: 1
Prion
added 2023/05/30 8:15 p.m., 17 views

Code injection

Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy...

CVSS 5, AI score 5.4, EPSS 0.0022
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2023/05/30 12:0 a.m., 18 views

CVE-2023-31186 Avaya IX Workforce Engagement - User Enumeration - CWE-204: Observable Response Discrepancy

Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy...

CVSS 5.3, AI score 5.7, EPSS 0.0022
Exploits: 0, References: 1
CVE
added 2023/05/30 12:0 a.m., 48 views

CVE-2023-31186

CVE-2023-31186 affects Avaya IX Workforce Engagement, specifically version 15.2.7.1195, where a user enumeration vulnerability is described as an observable response discrepancy. The connected documents (e.g., CNNVD-202305-2542 and NVD entry) corroborate that an attacker could enumerate users via...

CVSS 5.3, AI score 5.3, EPSS 0.0022
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2023/05/30 12:0 a.m., 12 views

CVE-2023-31186 Avaya IX Workforce Engagement - User Enumeration - CWE-204: Observable Response Discrepancy

Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy...

CVSS 5.3, AI score 7, EPSS 0.0022
Exploits: 0, References: 1
ATTACKERKB
added 2023/05/28 2:46 p.m., 1 view

CVE-2023-31186

Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy...

CVSS 5.3, AI score 5.9, EPSS 0.0022
Exploits: 0, References: 2
OSV
added 2023/05/17 7:59 a.m., 7 views

SUSE-SU-2023:2228-1 Security update for curl

This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition bsc1211231. - CVE-2023-28321: Fixed IDN wildcard matching bsc1211232. - CVE-2023-28322: Fixed POST-after-PUT confusion bsc1211233. - CVE-2023-27533: Fixed TELNET option IAC injection bsc1209209. -...

CVSS 9.8, AI score 6.2, EPSS 0.00641
Exploits: 10, References: 22
ICS
added 2023/05/16 6:0 a.m., 59 views

Snap One OvrC Cloud (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Snap One Equipment: OvrC Cloud, OvrC Pro Devices Vulnerabilities: Improper Input Validation, Observable Response Discrepancy, Improper Access Control, Cleartext Transmission of Sensitive Information,...

CVSS 10, AI score 8.6, EPSS 0.0018
Exploits: 0, References: 10
Cvelist
added 2023/05/15 10:54 a.m., 13 views

CVE-2023-23449

Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames by analyzing challenge responses from the server via the REST interface...

CVSS 5.3, AI score 5.6, EPSS 0.00377
Exploits: 0, References: 3
ICS
added 2023/05/11 6:0 a.m., 96 views

Teltonika Remote Management System and RUT Model Routers

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Teltonika Equipment: Remote Management System and RUT model routers Vulnerabilities: Observable Response Discrepancy, Improper Authentication, Server-Side Request Forgery, Cross-site Scripting, Inclusio...

CVSS 9.8, AI score 9.5, EPSS 0.00871
Exploits: 0, References: 10
ICS
added 2023/05/05 6:0 a.m., 42 views

Hitachi Energy's RTU500 Series Product (UPDATE B)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 Series Vulnerabilities: Type Confusion, Observable Timing Discrepancy, Out-of-bounds Read, Infinite Loop, Classic Buffer Overflow 2. RISK EVALUATION...

CVSS 9.8, AI score 9.1, EPSS 0.88334
Exploits: 3, References: 8
OSV
added 2023/04/11 10:15 a.m., 2 views

CVE-2023-27464

A vulnerability has been identified in Mendix Forgot Password Mendix 7 compatible All versions V3.7.1, Mendix Forgot Password Mendix 8 compatible All versions V4.1.1, Mendix Forgot Password Mendix 9 compatible All versions V5.1.1. The affected versions of the module contain an observable response...

CVSS 5.3, AI score 6
Exploits: 0, References: 1
Vulnrichment
added 2023/04/11 9:3 a.m., 5 views

CVE-2023-27464

A vulnerability has been identified in Mendix Forgot Password Mendix 7 compatible All versions V3.7.1, Mendix Forgot Password Mendix 8 compatible All versions V4.1.1, Mendix Forgot Password Mendix 9 compatible All versions V5.1.1. The affected versions of the module contain an observable response...

CVSS 5.3, AI score 6.5, EPSS 0.00363
Exploits: 0, References: 1
Code423n4
added 2023/03/30 12:0 a.m., 8 views

sfrxETH.ethPerDerivative is incorrect, leading to incorrect minting amount of safETH

Lines of code Vulnerability details SafeETH.stake allows users to stake ETH and be minted an amount of safETH that corresponds to the ETH value of the derivatives that resulted from their deposit. The minting amount is based on: preDepositPrice, which is a function of the total safETH minted and...

AI score 6.7
Exploits: 0
OSV
added 2023/03/28 8:15 p.m., 0 views

CVE-2023-26071

An issue was discovered in MCUBO ICT through 10.12.4 aka 6.0.2. An Observable Response Discrepancy can occur under the login web page. In particular, the web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor. Th...

CVSS 7.5, AI score 7.1
Exploits: 0, References: 2
NVD
added 2023/03/28 8:15 p.m., 7 views

CVE-2023-26071

An issue was discovered in MCUBO ICT through 10.12.4 aka 6.0.2. An Observable Response Discrepancy can occur under the login web page. In particular, the web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor. Th...

CVSS 7.5, AI score 7.4, EPSS 0.003
Exploits: 0, References: 2
Prion
added 2023/03/28 8:15 p.m., 13 views

Code injection

An issue was discovered in MCUBO ICT through 10.12.4 aka 6.0.2. An Observable Response Discrepancy can occur under the login web page. In particular, the web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor. Th...

CVSS 5, AI score 7.3, EPSS 0.003
Exploits: 0, References: 2, Affected Software: 1