268 matches found
CVE-2023-5767
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to an RDT language file being improperly sanitized...
ASB-A-301094654
In TBD of TBD, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-43177
CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...
Design/Logic Flaw
CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes...
Zoom Client Code Issue Vulnerability
Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. A code issue vulnerability exists in Zoom Client that stems from an improperly checked condition. It could allow an authenticated user to perform a denial of service via network access...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome that stems from an improperly executed vulnerability in the Downloads module...
CVE-2023-21358
In UWB Google, there is a possible way for a malicious app to masquerade as system app com.android.uwb.resources due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Juniper Junos OS Vulnerability (JSA73145)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA73145 advisory. - An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue...
CVE-2023-44181
The vulnerability CVE-2023-44181 affects Juniper Networks Junos OS on QFX5k devices, caused by an improperly implemented security check in storm control. When storm control is enabled and ICMPv6 traffic is present, packets can be punted to the ARP queue, creating an L2 loop that can lead to DoS c...
CVE-2023-44181 Junos OS: QFX5k: l2 loop in the overlay impacts the stability in a EVPN/VXLAN environment
An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to the ARP queue, causing an L2 loop resulting in DDOS violations and a DDOS syslog. This issue is triggered when Storm control is enabled and ICMP...
Juniper Networks Junos OS Code Issue Vulnerability
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS contains a code issue vulnerability that arises from an improperly checked exception or anomaly...
RHEL 9 : Red Hat Ceph Storage 6.1 (RHSA-2023:5693)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5693 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system...
Code injection
In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random...
CVE-2020-27633
In FNET 4.6.3, TCP ISNs are improperly random...
CVE-2020-27631
In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random...
GitHub: [PATs] Ability to leak comments from issues without ANY "Issues" repo permissions by utilizing "Pull Request" permissions
An incorrect authorization vulnerability in GitHub Enterprise Server allowed issue comments to be read without proper permissions through improperly scoped tokens...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices SMR Sep-2023 Release 1 prior to version 1, which stems from an improperly exported android...