1378 matches found
CVE-2023-4638
Removed by vendor...
CVE-2022-43739
IBM Security Verify Access OpenID Connect Provider container is affected by CVE-2022-43739, which could disclose information to a local user via log files, potentially aiding further attacks. Affected product: IBM Security Verify Access OIDC Provider container (all versions). Root cause: informat...
CVE-2023-32803
CVE-2023-32803 is referenced in multiple Amazon Linux advisories (ALAS/AL2) related to the ca-certificates package. The root cause is that an initial fix for CVE-2022-23491 did not properly remove root certificates from TrustCor, leaving the store vulnerable. Affected environments include Amazon ...
CVE-2104-3465
The connected Mageia advisory MGASA-2014-0248 documents CVE-2104-3465 as a NULL pointer dereference in GnuTLS (gnutls_x509_dn_oid_name()) when parsing X.509 certificates with certain OIDs, potentially returning NULL and enabling a buffer overflow on the client during TLS/SSL handshakes, with a se...
CVE-2016-1000247
CVE-2016-1000247 affects mpg123/libmpg123: a flaw in the id3 tag processing code can cause a buffer over-read leading to a denial of service. Debian and Mageia advisories fix it by updating mpg123 packages (e.g., Debian 1.14.4-1+deb7u1). Ubuntu and OSV/NASL entries also reference the vulnerabilit...
CVE-2015-20170
CVE-2015-20170 concerns the mailcap.findmatch() function in Python where the second argument is not sanitized, enabling shell command injection. The CloudLinux update CLSA-2022:1658347112 states that CVE-2015-20170 has been fixed in Python (via a provided update). The connected document does not ...
CVE-2022-420004
CVE-2022-42004 is listed in IBM’s bulletin as part of the Jackson-Databind vulnerabilities affecting Eclipse Jetty/Jackson libraries; the entry describes a Denial of Service via Jackson Databind BeanDeserializer._deserializeFromArray, triggered by deeply nested arrays that exhaust resources. The ...
CVE-2023-358900
The connected IBM bulletin confirms CVE-2023-358900 affects IBM WebSphere Application Server traditional when shipped with IBM Intelligent Operations Center (IOC). Affected IOC versions: 1.5.0, 1.6.0, 1.6.0.1, 1.6.0.2, 1.6.0.3, and IOC for Emergency Management (Linux) 1.6.0. Remediation is to ins...
CVE-2022-237732
IBM Security Bulletin for CVE-2022-237732 (treated as CVE-2022-23773 in the IBM document) indicates an unspecified Golang Go vulnerability that may affect Watson CP4D Data Stores. Affected: all versions before IBM Cloud Pak for Data 4.7.0. Impact is not fully specified beyond the CVSS base score ...
CVE-2023-30593
Grav CMS
CVE-2023-30595
CVE-2023-30595 (Grav CMS) involves a server-side template injection in GravExtension.filterFilter() for Grav
CVE-2023-30596
Summary: CVE-2023-30596 is a Grav CMS vulnerability (SSTI) in Grav
CVE-2022-32758
CVE-2022-32758 is listed in IBM’s Security Directory Suite bulletin as a vulnerability where a remote attacker could hijack the clicking action of a victim by guiding them to a malicious site. The affected product context is IBM Security Directory Server within IBM Security Directory Suite, with ...
CVE-2023-21119
CVE-2023-21119 is listed in the Pixel May 2023 security bulletin as a DoS vulnerability in the Hardware Composer service. Affected product family: Google Pixel devices; subtype: hardware/compositor component. Severity is noted as Moderate. The remediation guidance is to apply patch level 2023-0...
CVE-2014-1865
The CVE-2014-1865 entry is supported by a Veracode advisory (VERACODE:4217) describing an information-disclosure vulnerability in fat_free_crm where password-related attributes — password_hash, password_salt, and password_confirmation — are not filtered from logs, exposing sensitive data to mal...
CVE-2014-1866
The connected VERACODE entry documents a vulnerability in fat_free_crm: Information leakage via error pages. The root cause is that consider_all_requests_local is set to true by default in production, causing 404 and 500 error pages to expose server setup information. The document does not provid...
CVE-2017-9672
Technical details for CVE-2017-9672 are not publicly available in the provided documents. Monitor for updates from the issuing organization; no affected products, versions, or exploitation details are specified here.
CVE-2018-12119
CVE-2018-12119 is a reserved candidate in Initial Description; connected data indicates a Cross-site Scripting (XSS) issue in knowledge_repo due to lack of sanitization of user-supplied parameters (e.g., comments) when rendering templates. The vulnerability is tied to knowledge_repo’s web renderi...
CVE-2018-18902
Grafana (singlestat panel) is vulnerable to cross-site scripting (XSS) because the prefix and postfix fields are not properly sanitized, allowing an attacker to inject and execute arbitrary JavaScript in a victim’s browser. The connected Veracode entry confirms the XSS issue but provides no explo...
CVE-2018-7646
The connected Veracode entry identifies a denial of service in svgexport caused by a missing timeout when loading an external image. Impact is DoS; no exploit details are provided in the supplied documents. No CVE-specific remediation is stated here; monitor for updates.