Apache Tomcat Request Smuggling Vulnerability (Nov 2023) - Windows

Apache Tomcat is prone to a request smuggling vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; if...

carterasonline.com Improper Access Control vulnerability OBB-3795171

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

asugoconsulting.com Improper Access Control vulnerability OBB-3793396

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

yannlemouel.com Cross Site Scripting vulnerability OBB-3785689

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Security Updates for Microsoft Exchange Server (November 2023)

The Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities as referenced in the Nov, 2023 security bulletin. - Microsoft Exchange Server Spoofing Vulnerability CVE-2023-36035, CVE-2023-36039, CVE-2023-36050 -...

AMD Server Vulnerabilities – Nov 2023

Bulletin ID: AMD-SB-3002 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in the AMD Secure Processor ASP, AMD System Management Unit SMU, AMD Secure Encrypted Virtualization SEV, AMD Secure Encrypted...

CVE-2023-42537

An improper input validation in getheadcrc in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write...

CVE-2023-42536

An improper input validation in sapeddec in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write...

CVE-2023-42534

Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege...

CVE-2023-42533

Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel...

CVE-2023-42532

Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information...

CVE-2023-42529

Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code...

CVE-2023-42528

Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code...

CVE-2023-42527

Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information...

CVE-2023-30739

Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code...

Cross site scripting

Out-of-bounds Write in readblock of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code...

Input validation

An improper input validation in getheadcrc in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write...

Improper access control

Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows local attackers to bypass restrictions on starting activities from the background...

Input validation

Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code...

Input validation

Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel...