The vulnerability of the Zimbra Collaboration Suite’s corporate email management system lies in the use of certain JVM arguments within the mail server. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Zimbra Collaboration Suite email management system is related to the use of certain arguments in the Java Virtual Machine JVM used by the mail server. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibili...

The vulnerability of the S/MIME protocol implementation in the Thunderbird email client allows a perpetrator to circumvent existing security restrictions and gain unauthorized access to protected information.

The vulnerability of the S/MIME protocol implementation in Thunderbird’s email client is related to resource release errors. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and gain unauthorized access to protected information...

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability in the web interface of the Cisco Identity Services Engine ISE management platform relates to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected...

PT-2023-3647 · Apple · Macos Ventura +5

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 16.5 iPadOS versions prior to 16.5 watchOS versions prior to 9.5 tvOS versions prior to 16.5 macOS Ventura versions prior to 13.4 Description: The issue is related to errors in state management in the System Settings...

The vulnerability of the Windows NFS Portmapper component on Windows operating systems, which allows a hacker to disclose sensitive information

The vulnerability of the Windows NFS Portmapper component in operating systems involves a lack of protection for service data. Exploiting this vulnerability allows a malicious actor to disclose the protected information remotely...

The vulnerability of the sub-component “Application” within the Oracle Financial Services Behavior Detection Platform of the banking analytics system’s simulation model. This vulnerability allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the sub-component “Application” within the Oracle Financial Services Behavior Detection Platform of a bank analytics system’s simulation model involves insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain...

The vulnerability of the Web Server component of the Oracle PeopleSoft Enterprise PeopleTools business application allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Web Server component of the Oracle PeopleSoft Enterprise PeopleTools business application exists due to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the Hotspot component of Oracle’s software platform and the Oracle GraalVM Enterprise Edition virtual machine allows attackers to disclose protected information.

The vulnerability of the Hotspot component of Oracle’s software platform and the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient testing of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose sensitive information...

The vulnerability of the Security component of the Oracle BI Publisher software allows a perpetrator to disclose protected information.

The vulnerability of the Security component of the Oracle BI Publisher software exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information through HTTP requests...

The vulnerability of the Merge request approvals function in the software platform based on Git for collaborative code development on GitLab allows a violator to gain unauthorized access to protected information.

The vulnerability of the Merge request approvals function in a Git-based software platform for collaborative code development on GitLab is related to the provision of direct links to objects. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to...

CVE-2023-29103

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1, SIMATIC Cloud Connect 7 CC716 All versions V2.1. The affected device uses a hard-coded password to protect the diagnostic files. This could allow an authenticated attacker to access protected dat...

CVE-2023-29103

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1, SIMATIC Cloud Connect 7 CC716 All versions V2.1. The affected device uses a hard-coded password to protect the diagnostic files. This could allow an authenticated attacker to access protected dat...

CVE-2023-21493

Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data...

Improper access control

Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data...

CVE-2023-21493

Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company Samsung SAMSUNG. A security vulnerability previously existed in SAMSUNG Mobile devices SMR May-2023 Release 1 version, which originated when SemShareFileProvider allowe...

CVE-2023-21493

CVE-2023-21493 affects SemShareFileProvider prior to SMR May-2023 Release 1. The vulnerability is an improper access-control issue that enables local attackers to access protected data. Root cause is insufficient access restrictions on SemShareFileProvider components. Affected software is SemShar...

CVE-2023-21493

Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data...

The vulnerability of the Administer Workforce component of the PeopleSoft Enterprise HCM Human Resources platform allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the Administer Workforce component of the PeopleSoft Enterprise HCM Human Resources platform exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the Web Server component of the Oracle BI Publisher software, which is used for creating reports, allows a hacker to disclose protected information.

The vulnerability of the Web Server component of the Oracle BI Publisher software exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose sensitive information through HTTP requests...