CVE-2023-38204 : Adobe ColdFusion Deserialization
Description Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of
Description User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer,
Description IBM Aspera Faspex 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP
Description Potential security vulnerabilities have been identified in Hewlett Packard Enterprise OneView Software. These vulnerabilities could be remotely exploited to
Description A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services
Description Memory corruption in WLAN Firmware while parsing received GTK Keys in GTK KDE. References https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin For More Information CVERecord
Description A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. It has been declared as critical. Affected by this vulnerability is
Description Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected
Description Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability
Description Due to improper input validation, a remote attacker could execute arbitrary commands on the target system. References https://csirt.divd.nl/CVE-2023-25915 https://csirt.divd.nl/DIVD-2023-00025
Description N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password which allows attackers to login
Description Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior
Description Dispatch is an open source security incident management tool. The server response includes the JWT Secret Key used for
Description IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote authenticated attacker to execute arbitrary commands on
Description Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI.
Description A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if
Description XXE injection in /rtc/post/ endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable
Description Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially
Description Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to privilege escalation. References https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=08 For
Description Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow
Description SAP PowerDesigner – version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries
Description A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by
Description LinuxASMCallGraph is software for drawing the call graph of the programming code. Linux ASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers
Description A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator.