1740 matches found
CVE-2023-20850
In imgsyscmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381...
Out-of-bounds
In imgsyscmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433...
Out-of-bounds
In imgsyscmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354058; Issue ID: ALPS07340121...
Design/Logic Flaw
In imgsyscmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350...
Spoofing
borgbackup is an open-source, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgbackup allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an...
CLSA-2023-1693418632 openssl: Fix of CVE-2023-3817
CVE-2023-3817: Add a prior check and process only correct DH keys...
CVE-2023-20266
A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected...
CVE-2023-40756
User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
CVE-2023-40762
User enumeration is found in PHPJabbers Fundraising Script v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
CVE-2023-40761
User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
CVE-2023-40763
User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
PT-2023-27623 · Phpjabbers · Phpjabbers Document Creator
Name of the Vulnerable Software and Affected Versions: PHPJabbers Document Creator version 1.0. Description: The issue is related to user enumeration, which occurs during the password recovery process. A difference in messages could allow an attacker to determine if a user is valid or not, enablin...
PT-2023-25313 · Zoho · Zoho Manageengine Servicedesk Plus +14
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Active Directory 360 versions 4315 and below; Zoho ManageEngine ADAudit Plus versions 7202 and below; Zoho ManageEngine ADManager Plus versions 7200 and below; Zoho ManageEngine Asset Explorer versions 6993 and below; Zoho...
Malicious code in wpi-rules-valid-events (npm)
Source: ossf-package-analysis (1f8f8319f361dae60da61058ccd4776881160f6a820fbad5fe51373e6084e45b). The OpenSSF Package Analysis project identified 'wpi-rules-valid-events' @ 6.6.6 (npm) as malicious. It is considered malicious because: - The...
WEM Console - A valid license server with appropriate licenses needs to be configured
When opening the WEM server, this gives an error: "A valid license server with appropriate licenses needs to be configured". The license server and port are correctly configured in the WEM Infrastructure Service console. The licenses have the correct SA Date in Citrix Studio. Servers are reachable over the...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device...
Authentication flaw
Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token, allowing attackers to use statistical methods to obtain a valid authentication token...
PT-2023-28731 · Satellite · Satellite
Name of the Vulnerable Software and Affected Versions: Satellite (affected versions not specified). Description: An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker to create personal access tokens that are valid indefinitely,...
SecurityCouncilMemberSyncAction: perform function can be continually DoSed, which will prevent the valid update of the members of the Gnosis Safe
Vulnerability details. Impact: The securityCouncil update will be prevented by continuously calling the perform function. Since the function relies on the nonce value, this function can be continuously called and the nonce value is updated. This would prevent the valid security council upda...
Hardcoded credentials
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys, allowing the attacker to create valid session cookies. These session cookies created by the attacker are not sufficient to...