| CVE | Vendors | Products | Updated | CVSS v3.1 |
| An image with a version lower than the fuse version may potentially be booted, leading to improper authentication. |
| Dell NetWorker 19.6.1.2 contains an OS command injection vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends that customers upgrade at the earliest opportunity. |
| In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API |
| In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible |
| In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible |
| In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases |
| In JetBrains TeamCity before 2023.05 open redirect during OAuth configuration was possible |
| In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible |
| In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible |
| In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks |
| In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions |
| In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible |
| A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. When there is a time-zone mismatch in certain configuration files, a remote, unauthenticated attacker may deny logins for an extended period of time. |
| mx-chain-go is an implementation of the MultiversX blockchain protocol written in the Go language. Metachain cannot process a cross-shard miniblock. Prior to version 1.4.16, an invalid transaction with the wrong username on metachain is not treated correctly on the metachain transaction processor. This is strictly a processing issue that could have happened on MultiversX chain. If an error like this had occurred, the metachain would have stopped notarizing blocks from the shard chains. The resuming of notarization is possible only after applying a patched binary version. A patch in version 1.4.16 introduces `processIfTxErrorCrossShard` for the metachain transaction processor. There are no known workarounds for this issue. |
| Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and deno_runtime 0.114.0, outbound HTTP requests made using the built-in `node:http` or `node:https` modules are incorrectly not checked against the network permission allow list (`--allow-net`). Dependencies relying on these built-in modules are subject to the vulnerability too. Users of Deno versions prior to 1.34.0 are unaffected. Deno Deploy users are unaffected. This problem has been patched in Deno v1.34.1 and deno_runtime 0.114.1 and all users are recommended to update to this version. No workaround is available for this issue. |
| Formcreator is a GLPI plugin which allows creation of custom forms and the creation of one or more tickets when the form is filled. A probable stored cross-site scripting vulnerability is present in Formcreator 2.13.5 and prior via the use of `##FULLFORM##` for rendering. This could result in arbitrary JavaScript code execution in an admin/tech context. A patch is unavailable as of time of publication. As a workaround, one may use a regular expression to remove `< > "` in all fields. |
| QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory. |
| Information disclosure due to uninitialized variable. |
| WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 fails to validate user sessions, allowing unauthenticated attackers to read files from the underlying operating system and obtain directory listings. |
| An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers to login as any user without a password. |