CVE-2023-45146 : XXL-RPC DESERIALIZATION
Description XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the
Description Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due
Description Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS
Description The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent. References https://lore.kernel.org/lkml/aa03f191-445c-0d2e-d6d7-0a3208d7df7a%40huawei.com/T/ https://www.spinics.net/lists/stable-commits/msg317086.html https://lkml.org/lkml/2023/8/13/477 https://github.com/torvalds/linux/commit/768d612f79822d30a1e7d132a4d4b05337ce42ec
Description Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver. References https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rf6q-rhhp-pqhf
Description SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged
Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While
Description Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities
Description IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user
Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Turna Advertising Administration Panel allows
Description Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may
Description A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device
Description This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising
Description Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. References https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin
Description A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary
Description An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading
Description A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an
Description With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap. The ReadHuffmanCodes()
Description Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE)
Description Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe,
Description SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly,
Description ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An
Description JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version
Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ncode Ncep allows SQL Injection. This