4423 matches found
CVE-2023-31198
An OS command injection vulnerability exists in Wi-Fi AP UNIT. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege can execute an arbitrary OS command. Affected products and versions are as follows: AC-PD-WAPU v1.05B04 and earlier, AC-PD-WAPUM...
CVE-2023-1711
A vulnerability exists in a FOXMAN-UN and UNEM logging component; it only affects systems that use remote authentication to the network elements. If exploited, an attacker could obtain confidential information. List of CPEs: cpe:2.3:a:hitachienergy:foxmanun:R9C:::::::...
Authentication flaw
A vulnerability exists in a FOXMAN-UN and UNEM logging component; it only affects systems that use remote authentication to the network elements. If exploited, an attacker could obtain confidential information. List of CPEs: cpe:2.3:a:hitachienergy:foxmanun:R9C:::::::...
CVE-2023-1711
CVE-2023-1711 affects Hitachi Energy FOXMAN-UN and UNEM logging components. Affected products/versions include FOXMAN-UN: R9C, R10C, R11A, R11B, R14A, R14B, R15A, R15B, R16A and UNEM: R9C, R10C, R11A, R11B, R14A, R14B, R15A, R15B, R16A. The vulnerability is described as improper output neutraliza...
CVE-2023-33947
The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search, which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching...
CVE-2023-33946
The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does not properly isolate objects in different virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope...
CVE-2023-27923
Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script...
CVE-2023-27512
CVE-2023-27512 affects Contec SolarView Compact SV-CPT-MC310 (pre-8.10) and SV-CPT-MC310F (pre-8.10). The root cause is use of hard-coded credentials, enabling a remote authenticated attacker to log in with administrative privileges and perform unintended operations. The vulnerability is addresse...
UBUNTU-CVE-2023-22348
Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions 2.1.0p28 and 2.2.0b8 allows remote authenticated users to read arbitrary hostconfigs...
CVE-2023-30503
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as root on the...
Design/Logic Flaw
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as root on the...
PT-2023-11473 · Loadbalancer.Org · Loadbalancer.Org Enterprise Va Max
Name of the Vulnerable Software and Affected Versions: Loadbalancer.org Enterprise VA MAX versions 8.3.8 and earlier. Description: The issue allows a remote authenticated attacker to execute arbitrary code due to an OS Command Injection vulnerability. Recommendations: For versions 8.3.8 and earlie...
CVE-2023-31162
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file. See SEL Service Bulletin dated 2022-11-15 for more...
ALSA-2023:2166 Moderate: freeradius security and bug fix update
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. Security Fixes: freeradius: Information leakage in EAP-PWD (CVE-2022-41859); freeradius: Crash on...
Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls Vulnerability
Exploit Title: Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls; Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL; Vendor Homepage: https://jedox.com; Version: Jedox 2020.2 20.2.5 and older; CVE: CVE-2022-47874; Introducti...
CVE-2022-47877
A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'...
PT-2023-22832 · Rsa · Archer Platform
Name of the Vulnerable Software and Affected Versions: Archer Platform versions 6.8 through 6.12 P6 before HF1 6.12.0.6.1. Description: The issue allows a remote authenticated malicious user to potentially exploit a stored XSS vulnerability, storing malicious HTML or JavaScript code in a trusted...