6 matches found
Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields
A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...
CVE-2023-1837
Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs. This issue affects HYPR Server: before 8.0 with enabled Legacy APIs...
SUSE CVE-2010-2779
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies."...
ESKOM Univera Computer System Panorama Operating System Command Injection Vulnerability
ESKOM Univera Computer System Panorama is an application from ESKOM, Inc. An operating system command injection vulnerability exists in ESKOM Univera Computer System Panorama versions prior to 8.0, which arises from incorrect neutralization of special elements used in operating system commands,...
HYPR Server Access Control Error Vulnerability
HYPR Server is a server from HYPR, Inc. A security vulnerability exists in versions of HYPR Server prior to 8.0 that stems from not properly performing authentication...
PT-2018-10013 · Johnson Controls · Johnson Controls Metasys System +1
Name of the Vulnerable Software and Affected Versions: Johnson Controls Metasys System versions 8.0 and prior; BCPro BCM versions prior to 3.0.2. Description: This issue results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain...