23 matches found

NVD
added 2025/03/13 5:15 p.m., 6 views

CVE-2024-53406

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...

CVSS 8.8 | EPSS 0.00047
Exploits: 1 | References: 2

NVD
added 2024/11/07 6:15 p.m., 14 views

CVE-2024-51428

An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service (DoS) via a crafted data channel packet...

CVSS 7.5 | EPSS 0.00072
Exploits: 2 | References: 2

CVE
added 2024/11/07 12:00 a.m., 54 views

CVE-2024-51428

CVE-2024-51428 affects Espressif ESP-IDF, specifically version 5.3.0, where a vulnerability in the data channel handling can allow an unauthenticated attacker to cause a Denial of Service (DoS) by sending a crafted data channel packet. The available documents consistently describe DoS impact but...

CVSS 7.5 | AI score 6.9 | EPSS 0.00072
Exploits: 2 | References: 2 | Affected Software: 1

Cvelist
added 2024/11/07 12:00 a.m., 11 views

CVE-2024-51428

An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service (DoS) via a crafted data channel packet...

EPSS 0.00072
Exploits: 2 | References: 2

NVD
added 2023/02/06 1:15 p.m., 22 views

CVE-2022-45722

ezEIP v5.3.00649 was discovered to contain a cross-site scripting (XSS) vulnerability...

CVSS 6.1 | AI score 6.1 | EPSS 0.00338
Exploits: 0 | References: 2

NVD
added 2023/02/03 1:15 a.m., 14 views

CVE-2022-48021

A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server...

CVSS 9.8 | AI score 9.7 | EPSS 0.01028
Exploits: 0 | References: 1

NVD
added 2023/02/03 1:15 a.m., 11 views

CVE-2022-48022

An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see...

CVSS 4.3 | AI score 4.4 | EPSS 0.00208
Exploits: 0 | References: 1

NVD
added 2023/02/03 1:15 a.m., 14 views

CVE-2022-48023

Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags...

CVSS 4.3 | AI score 4.6 | EPSS 0.00218
Exploits: 0 | References: 1

OSV
added 2023/02/03 1:15 a.m., 16 views

CVE-2022-48023

Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags...

CVSS 4.3 | AI score 4.6
Exploits: 0 | References: 1

OSV
added 2023/02/03 1:15 a.m., 17 views

CVE-2022-48021

A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server...

CVSS 9.8 | AI score 9.7
Exploits: 0 | References: 1

Prion
added 2023/02/03 1:15 a.m., 22 views

Design/Logic Flaw

A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server...

CVSS 7.5 | AI score 9.6 | EPSS 0.01028
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2023/02/03 1:15 a.m., 8 views

Design/Logic Flaw

An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see...

CVSS 4 | AI score 4.4 | EPSS 0.00208
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2023/02/03 12:00 a.m., 42 views

CVE-2022-48023

Zammad CVE-2022-48023: A privilege-verification flaw in Zammad v5.3.0 permits an authenticated user to modify ticket tags via the API. The issue is corrected in v5.3.1, restricting tag changes to agents with write permissions. The available documents do not provide exploitation details. If using ...

CVSS 4.3 | AI score 4.6 | EPSS 0.00218
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/02/03 12:00 a.m., 16 views

CVE-2022-48023

Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags...

AI score 4.8 | EPSS 0.00218
Exploits: 0 | References: 1

NVD
added 2022/10/11 10:15 p.m., 11 views

CVE-2022-41550

GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header...

CVSS 6.5 | EPSS 0.00224
Exploits: 0 | References: 1

Cvelist
added 2022/10/11 12:00 a.m., 14 views

CVE-2022-41550

GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header...

AI score 6.7 | EPSS 0.00224
Exploits: 0 | References: 1

WPVulnDB
added 2022/04/06 12:00 a.m., 15 views

Content Egg < 5.3.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected Cross-Site Scripting PoC...

CVSS 6.1 | AI score 1.1 | EPSS 0.0029
Exploits: 2 | Affected Software: 1

GitHub Security Blog
added 2022/01/08 12:36 a.m., 39 views

Pac4j token validation bypass if OpenID Connect provider supports none algorithm

If an OpenID Connect provider supports the "none" algorithm (i.e., tokens with no signature), pac4j v5.3.0 (and prior) does not refuse it without an explicit configuration on its side or for the "idtoken" response type which is not secure and violates the OpenID Core Specification. The "none" algorit...

CVSS 7.5 | AI score 1 | EPSS 0.00139
Exploits: 0 | References: 8 | Affected Software: 1

NVD
added 2022/01/06 1:15 p.m., 14 views

CVE-2021-44878

If an OpenID Connect provider supports the "none" algorithm (i.e., tokens with no signature), pac4j v5.3.0 (and prior) does not refuse it without an explicit configuration on its side or for the "idtoken" response type which is not secure and violates the OpenID Core Specification. The "none" algorit...

CVSS 7.5 | EPSS 0.00139
Exploits: 0 | References: 3

OSV
added 2022/01/06 1:15 p.m., 18 views

CVE-2021-44878

If an OpenID Connect provider supports the "none" algorithm (i.e., tokens with no signature), pac4j v5.3.0 (and prior) does not refuse it without an explicit configuration on its side or for the "idtoken" response type which is not secure and violates the OpenID Core Specification. The "none" algorit...

CVSS 7.5 | AI score 6.7
Exploits: 0 | References: 3