CVE-2023-20864 : VMWARE ARIA OPERATIONS FOR LOGS UP TO 8.8.X/8.10.2 DESERIALIZATION
Description VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria
Description The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04
Description A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in
Description vm2 is a sandbox that can run untrusted code with whitelisted Node’s built-in modules. There exists a vulnerability in
Description Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass. This issue affects Redline Router:
Description Memory corruption in modem due to improper check while calculating size of serialized CoAP message. References https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin For More
Description An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the
Description Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent – version 720, allows
Description IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote
Description Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit
Description Yellobrik PEC-1864 implements authentication checks via JavaScript in the frontend interface. When the device can be accessed over the
Description A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to
Description The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or
Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Akbim Computer Panon allows SQL
Description Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell
Description PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL
Description Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers to bypass authentication due to mishandling of X-Forwarded-For headers. References https://www2.panasonic.biz/jp/densetsu/aiseg/firmup_info.html
Description This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required
Description This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to
Description discordrb is an implementation of the Discord API using Ruby. In discordrb before commit `91e13043ffa` the `encoder.rb` file unsafely
Description Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and
Description baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system
Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in As Koc Energy Web Report
Description In affected versions, a path traversal exists when processing a message in Rockwell Automation’s ThinManager ThinServer. An unauthenticated remote