1367 matches found
PT-2023-8562 · Apache · Apache Ofbiz
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 18.12.09. Description: The issue is related to missing authentication in the Solr plugin of Apache OFBiz, allowing a remote attacker to modify protected information. It is estimated that around 1,891 devices are...
SUSE CVE-2023-46490
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in the managers.php function...
PT-2023-29784 · Senayan · Slims Senayan Library Management System +1
Name of the Vulnerable Software and Affected Versions: Senayan Library Management Systems Slims version 9; Senayan Library Management Systems Bulian version 9.6.1. Description: The issue allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the...
Cacti SQL Injection Vulnerability
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. A SQL injection vulnerability exists in Cacti v1.2.25, which stems from...
CVE-2023-38847
An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request...
PT-2023-26627 · Unknown · Christina Japan Line
Name of the Vulnerable Software and Affected Versions: CHRISTINA JAPAN Line version 13.6.1. Description: An issue in CHRISTINA JAPAN Line allows a remote attacker to obtain sensitive information via a crafted GET request. Recommendations: For version 13.6.1, consider restricting access to sensitiv...
Line Security Breach
Line is an instant messaging platform from Line, Inc. Line suffers from a security vulnerability that originates in the applet rmc R Beauty CLINIC Line version v.13.6.1 which allows remote attackers to obtain sensitive information via a crafted GET request...
The vulnerability of the CORBA software platform component of Oracle Java SE allows a perpetrator to gain read, modify, add, or delete access to data.
The vulnerability of the CORBA software platform of Oracle Java SE is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain read, modify, add, or delete access to data remotely...
UBUNTU-CVE-2023-22067
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows...
CVE-2022-43891
IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 240454...
Vulnerability of Windows operating system deployment services, allowing attackers to disclose sensitive information
The vulnerability of Windows operating system deployment services is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information remotely...
The vulnerability of embedded Qualcomm data modems allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of embedded Qualcomm data modems is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain access to read, modify, add, or delete data remotely...
CVE-2023-43700
Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that do not require authentication...
The vulnerability of the application software interface of the Cisco DNA Center allows a hacker to read and modify data in its internal repository.
The vulnerability of the Cisco DNA Center’s application programming interface is related to errors in access management. Exploiting this vulnerability allows a malicious actor to remotely read and modify data in the internal repository by sending specially crafted API requests...
Remote code execution
yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the --exec flag. This flag allows output template expansion in its argument, so that metadata values may be used in...
CVE-2023-42322
Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information...
The vulnerability of Eclipse Jetty servlet containers, related to the lack of protection for service data, allows attackers to obtain confidential information.
The vulnerability of the concat server servlet in Eclipse Jetty is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to obtain confidential information remotely...
PT-2023-5890 · Open5Gs · Open5Gs
Name of the Vulnerable Software and Affected Versions: Open5GS affected versions not specified. Description: The issue is related to the lack of authentication in the Open5GS implementation of the GTP protocol for mobile networks. This allows a remote attacker to send an HTTP request to an Open5GS...
The vulnerability of the Hotspot component of Oracle’s software platform and the Oracle GraalVM Enterprise Edition virtual machine allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Hotspot component of Oracle’s software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to a numerical overflow condition. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data remotely...
The vulnerability of the JAXP component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows attackers to disclose protected information.
The vulnerability of the JAXP component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to errors in cross-border deletion of critical data. Exploiting this vulnerability can allow a malicious actor to disclose protected information...