3628 matches found

NVD
added 2023/09/17 11:15 a.m. · 22 views

CVE-2023-5028

A vulnerability, which was classified as problematic, has been found in China Unicom TEWA-800G 4.16L.04CT2015Yueme. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through debug log file. It is possible to launch the attack on the physical...

CVSS 4.6 · AI score 3.7 · EPSS 0.00354
Exploits: 1 · References: 3

Prion
added 2023/09/17 11:15 a.m. · 15 views

Information disclosure

A vulnerability, which was classified as problematic, has been found in China Unicom TEWA-800G 4.16L.04CT2015Yueme. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through debug log file. It is possible to launch the attack on the physical...

CVSS 1.2 · AI score 4.4 · EPSS 0.00354
Exploits: 1 · References: 3 · Affected Software: 1

Vulnrichment
added 2023/09/17 11:0 a.m. · 3 views

CVE-2023-5028 China Unicom TEWA-800G debug log file

A vulnerability, which was classified as problematic, has been found in China Unicom TEWA-800G 4.16L.04CT2015Yueme. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through debug log file. It is possible to launch the attack on the physical...

CVSS 2 · AI score 4 · EPSS 0.00354
Exploits: 1 · References: 3

Cvelist
added 2023/09/17 11:0 a.m. · 34 views

CVE-2023-5028 China Unicom TEWA-800G debug log file

A vulnerability, which was classified as problematic, has been found in China Unicom TEWA-800G 4.16L.04CT2015Yueme. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through debug log file. It is possible to launch the attack on the physical...

CVSS 2 · AI score 4.7 · EPSS 0.00354
Exploits: 1 · References: 3

NVD
added 2023/09/15 3:15 p.m. · 25 views

CVE-2023-4986

A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this...

CVSS 2.5 · AI score 3.7 · EPSS 0.00189
Exploits: 1 · References: 3

Prion
added 2023/09/15 3:15 p.m. · 20 views

Design/Logic Flaw

A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this...

CVSS 1 · AI score 4 · EPSS 0.00189
Exploits: 1 · References: 3 · Affected Software: 1

Vulnrichment
added 2023/09/15 2:31 p.m. · 1 views

CVE-2023-4986 Supcon InPlant SCADA Project.xml unknown vulnerability

A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this...

CVSS 2.5 · AI score 3.7 · EPSS 0.00189
Exploits: 1 · References: 3

OSV
added 2023/09/14 9:30 a.m. · 23 views

GHSA-CGWF-W82Q-5JRR Apache Commons Compress denial of service vulnerability

Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing. This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can create a malformed...

CVSS 5.5 · AI score 6.7 · EPSS 0.00489
Exploits: 0 · References: 5

Cvelist
added 2023/09/14 7:45 a.m. · 27 views

CVE-2023-42503 Apache Commons Compress: Denial of service via CPU consumption for malformed TAR file

Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing. This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can create a malformed...

AI score 6.7 · EPSS 0.00489
Exploits: 0 · References: 2

NVD
added 2023/09/13 8:15 p.m. · 27 views

CVE-2023-41892

Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15...

CVSS 10 · AI score 9.4 · EPSS 0.92918
Exploits: 10 · References: 7

OSV
added 2023/09/13 7:45 p.m. · 31 views

CVE-2023-41892 Craft CMS Remote Code Execution vulnerability

Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15...

CVSS 10 · AI score 9.1 · EPSS 0.92918
Exploits: 10 · References: 9

OSV
added 2023/09/13 3:44 p.m. · 66 views

GHSA-4W8R-3XRW-V25G Craft CMS Remote Code Execution vulnerability

Impact: This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. Mitigations: This has been fixed in Craft 4.4.15. You should ensure you’re running at least that version. Refresh you...

CVSS 10 · AI score 9.4 · EPSS 0.92918
Exploits: 10 · References: 9

Redos
added 2023/09/12 12:0 a.m. · 28 views

ROS-20230911-10

A vulnerability in the EmailValidator and URLValidator components of the Django web application software platform is related to the use of a regular expression with inefficient computational complexity when processing domain name labels in emails and URLs. Exploitation ...

CVSS 7.5 · AI score 6.7 · EPSS 0.02669
Exploits: 0

Positive Technologies
added 2023/09/12 12:0 a.m. · 4 views

PT-2023-5067 · Microsoft · Azure Kubernetes Service

Name of the Vulnerable Software and Affected Versions: Microsoft Azure Kubernetes Service affected versions not specified Description: The issue is related to insufficient access controls in the Microsoft Azure Kubernetes Service, which can be exploited by a remote attacker to elevate their...

CVSS 9.8 · AI score 9.5 · EPSS 0.02831
Exploits: 0 · References: 8

Tenable Nessus
added 2023/09/07 12:0 a.m. · 21 views

Oracle Linux 5 : mcstrans (ELSA-2007-0542)

The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2007-0542 advisory. 0.2.6-1 - Don't allow categories 1023 Resolves: 288941 0.2.3-1 - Additional fix to handle ssh root/sysadmr/s0:c1,c2 Resolves: 224637 0.2.1-1 - Rewrite to handle...

CVSS 1.9 · AI score 5.8 · EPSS 0.00303
Exploits: 0 · References: 2

Prion
added 2023/09/06 9:15 p.m. · 31 views

Race condition

WireMock is a tool for mocking HTTP services. The proxy mode of WireMock can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a ca...

CVSS 4.3 · AI score 6.4 · EPSS 0.00571
Exploits: 0 · References: 2 · Affected Software: 4

OSV
added 2023/09/06 8:34 p.m. · 26 views

CVE-2023-41329 Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio

WireMock is a tool for mocking HTTP services. The proxy mode of WireMock can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a ca...

CVSS 3.9 · AI score 6.4 · EPSS 0.00571
Exploits: 0 · References: 4

Cvelist
added 2023/09/03 11:0 p.m. · 18 views

CVE-2023-4743 Dreamer CMS file access

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The complexity of ...

CVSS 3.1 · AI score 5.4 · EPSS 0.00508
Exploits: 1 · References: 3

NVD
added 2023/09/01 8:15 p.m. · 13 views

CVE-2023-4711

A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. Th...

CVSS 8.1 · AI score 6.5 · EPSS 0.05769
Exploits: 1 · References: 3

Prion
added 2023/09/01 8:15 p.m. · 18 views

Command injection

A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. Th...

CVSS 4.6 · AI score 8.3 · EPSS 0.05769
Exploits: 1 · References: 3 · Affected Software: 1