7485 matches found

OSV
added 2023/07/20 6:15 p.m. · 8 views

CVE-2023-38335

Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassin...

CVSS 5.3 · AI score 5.7 · EPSS 0.01091
Exploits: 1 · References: 4
Cvelist
added 2023/07/20 12:00 a.m. · 23 views

CVE-2023-38334

Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis...

AI score 6.6 · EPSS 0.00779
Exploits: 1 · References: 4
Positive Technologies
added 2023/07/20 12:00 a.m. · 5 views

PT-2023-26369 · Omnis · Omnis Studio

Name of the Vulnerable Software and Affected Versions: Omnis Studio version 10.22.00 Description: The issue is related to incorrect access control in Omnis Studio. It has a feature to make Omnis libraries "always private", which is supposed to be an irreversible operation. However, due to...

CVSS 5.3 · AI score 6.8 · EPSS 0.01091
Exploits: 1 · References: 8
CNNVD
added 2023/07/20 12:00 a.m. · 5 views

Omnis Studio security vulnerability

Omnis Studio is a rapid application development tool from Omnis. A security vulnerability exists in Omnis Studio version 10.22.00, which stems from an improper access control issue that allows private Omnis libraries to be opened by the Omnis Studio browser...

CVSS 5.3 · AI score 5.7 · EPSS 0.01091
Exploits: 1 · References: 5
OpenVAS
added 2023/07/20 12:00 a.m. · 134 views

OpenBSD OpenSSH < 9.3p2 RCE Vulnerability

OpenBSD OpenSSH is prone to a remote code execution (RCE) vulnerability in OpenSSH...

CVSS 9.8 · AI score 9.9 · EPSS 0.76768
Exploits: 10 · References: 2
vulnersOsv
added 2023/07/19 3:30 p.m. · 6 views

br.com.nitertech:jwt (>=1.1.4.2 <=1.1.5), cn.herodotus.engine:oauth2-sdk-authentication (>=3.0.6.4 <=3.1.1.3) +314 more potentially affected by CVE-2023-34034 via org.springframework.security:spring-security-config (>=6.1.0 <=6.1.1)

org.springframework.security:spring-security-config MAVEN version =6.1.0, =1.1.4.2, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =4.0.1, =4.0.1, =0.1.0, =6.1.11, =6.1.11, =7.0.0, =7.0.0, =6.1.11, =6.1.11, =6.2.0 and more Source cves: CVE-2023-34034 Source advisory: OSV:GHSA-3H6F-G5F3-GC4W...

CVSS 9.8 · AI score 6.7 · EPSS 0.03465
Exploits: 1
Ubuntu
added 2023/07/19 12:11 p.m. · 116 views

USN-6237-1: curl vulnerabilities

Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. CVE-2023-28321 Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain...

CVSS 5.9 · AI score 6.5 · EPSS 0.02211
Exploits: 2
FreeBSD
added 2023/07/19 12:00 a.m. · 858 views

OpenSSH -- remote code execution via a forwarded agent socket

OpenSSH project reports: Fix CVE-2023-38408 - a condition where specific libraries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met: Exploitation requires the presence of specific libraries on t...

CVSS 9.8 · AI score 7.5 · EPSS 0.76768
Exploits: 10 · References: 1
Cvelist
added 2023/07/17 10:13 p.m. · 11 views

CVE-2023-37479 Improper sanitization of MXCSR and RFLAGS in OpenEnclave

Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. There are two issues that are mitigated in version 0.19.3. First, Open Enclave SDK does not properly sanitize the MXCSR register ...

CVSS 5.3 · AI score 7.7 · EPSS 0.00634
Exploits: 0 · References: 3
IBM Security Bulletins
added 2023/07/14 2:51 a.m. · 27 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (April 2023) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2023. Vulnerability Details CVEID:CVE-2023-21967 DESCRIPTION: An unspecified...

CVSS 5.9 · AI score 6.6 · EPSS 0.02474
Exploits: 1 · Affected Software: 1
IBM Security Bulletins
added 2023/07/13 2:52 p.m. · 24 views

Security Bulletin: IBM Event Streams is affected by multiple Semeru Java vulnerabilities

Summary IBM Event Streams has addressed the following IBM Semeru Java vulnerabilities before version 17.0.7.0 CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597 Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An...

CVSS 9.1 · AI score 8.5 · EPSS 0.02474
Exploits: 1 · Affected Software: 1
vulnersOsv
added 2023/07/12 9:30 p.m. · 4 views

ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0), ai.berktest:BerkClient (>=1.0.0 <=1.0.3) +16308 more potentially affected by CVE-2023-3635 via com.squareup.okio:okio (>=0.6.0 <=1.17.5)

com.squareup.okio:okio MAVEN version =0.6.0, =0.5.0, =1.0.0, =0.80.7, =0.80.7, =0.80.7, =0.80.7, =3.24.0.1, =3.0.1.4, =3.32.0.1-2-2.1, =3.32.0.1-2-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.36.0.2-1-3.1 and more Source cves: CVE-2023-3635 Source advisory:...

CVSS 7.5 · AI score 6.6 · EPSS 0.01077
Exploits: 1
IBM Security Bulletins
added 2023/07/12 10:11 a.m. · 47 views

Security Bulletin: Multiple Vulnerabilities of Apache HttpClient and Jackson-mapper have affected IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines

Summary IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines is vulnerable to Apache HttpClient and jackson-mapper as described in 220912, CVE-2020-13956, CVE-2019-10202, CVE-2019-10172. The fix includes upgrading required libraries to latest version...

CVSS 9.8 · AI score 8.7 · EPSS 0.17044
Exploits: 1 · Affected Software: 1
OSV
added 2023/07/08 11:05 a.m. · 7 views

OESA-2023-1411 guava20 security update

Guava is a set of core libraries that includes new collection types, immutable collections, a graph library, and utilities for concurrency, I/O, hashing, primitives, strings, and more. Security Fixes: Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google...

CVSS 7.1 · AI score 8.7 · EPSS 0.00248
Exploits: 0 · References: 2
BDU FSTEC
added 2023/07/06 12:00 a.m. · 7 views

The vulnerabilities of the libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, and Jt3dReadPsr—programming environments for rendering 3D models by Luxion KeyShot—allow attackers to execute arbitrary code.

The vulnerability of the Luxion KeyShot 3D-modeling software libraries—CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, and Jt3dReadPsr—is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow attackers to execute arbitrary code...

CVSS 7.8 · AI score 7.7 · EPSS 0.02029
Exploits: 0 · References: 9 · Affected Software: 2
IBM Security Bulletins
added 2023/07/05 9:03 p.m. · 30 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to unspecified multiple vulnerabilities in Oracle Java SE, Oracle GraalVM Enterprise Edition

Summary Potential unspecified multiple vulnerabilities in Oracle Java SE, Oracle GraalVM Enterprise Edition have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An...

CVSS 9.1 · AI score 8.6 · EPSS 0.02474
Exploits: 1 · Affected Software: 1
vulnersOsv
added 2023/07/05 3:30 a.m. · 5 views

com.baomidou:kisso (>=2.0 <=3.6.10), com.baomidou:spring-wind (>=1.0 <=1.1.4) +91 more potentially affected by CVE-2023-33201 via org.bouncycastle:bcprov-jdk14 (>=1.49 <=1.73)

org.bouncycastle:bcprov-jdk14 MAVEN version =1.49, =2.0, =1.0, =9.1.20, =0.1.1, =1.5.4, =2.2, =2.0.1, =7.0, =1.5, =12.3, =22.2.3 and more Source cves: CVE-2023-33201 Source advisory: OSV:GHSA-HR8G-6V94-X4M9...

CVSS 5.3 · AI score 6.6 · EPSS 0.00772
Exploits: 0
CNNVD
added 2023/07/05 12:00 a.m. · 6 views

PAX Technology A930 security vulnerability

PAX Technology A930 is an Android mobile payment terminal from PAX Global PAX Technology, China. A security vulnerability exists in the PAX A930 PayDroid7.1.1VirgoV04.5.0220220722 version, which originates from a vulnerability that allows an attacker to compile malicious shared libraries and bypa...

CVSS 6.7 · AI score 6.6 · EPSS 0.00212
Exploits: 0 · References: 2
IBM Security Bulletins
added 2023/07/04 11:37 a.m. · 36 views

Security Bulletin: Multiple CVEs may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Advanced

Summary CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938 and CVE-2023-2597 may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVEs. Vulnerability Details...

CVSS 9.1 · AI score 8.2 · EPSS 0.02474
Exploits: 1 · Affected Software: 1
IBM Security Bulletins
added 2023/07/04 11:36 a.m. · 25 views

Security Bulletin: Multiple CVEs may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Standard

Summary CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938 and CVE-2023-2597 may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Vulnerability Details...

CVSS 9.1 · AI score 8.2 · EPSS 0.02474
Exploits: 1 · Affected Software: 1