| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests. |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows non-project member to promote key results to objectives. |
| IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254. |
| Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1 |
|
Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1 |
| Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers. |
| An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to 322.1 and fixed in version 322.2. |
| Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame. |
| A remote attacker can trigger a denial of service in the socket.remoteAddress variable, by sending a crafted HTTP request. Usage of the undefined variable raises a TypeError exception.
|
| Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain full control of the machine. Exploitation may lead to a complete system compromise. |
| CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the `ckan` user (equivalent to www-data) owned code and configuration files in the docker container and the `ckan` user had the permissions to use sudo. These issues allowed for code execution or privilege escalation if an arbitrary file write bug was available. Versions 2.9.9, 2.9.9-dev, 2.10.1, and 2.10.1-dev contain a patch.
|
| A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements.
If exploited an attacker could obtain confidential information.
List of CPEs:
* cpe:2.3:a:hitachienergy:foxman_un:R9C:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R10C:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R11A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R11B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R14A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R14B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R15A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R15B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:foxman_un:R16A:*:*:*:*:*:*:*
*
* cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy: unem :R10C:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy: unem :R11A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy: unem :R11B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy: unem :R14A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy: unem :R14B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy: unem :R15A:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy: unem :R15B:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy: unem :R16A:*:*:*:*:*:*:*
|
| Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.5 in the `nameFilter` function used throughout the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values for logical operators. Users should upgrade to version 3.3.5 which fixes this issue. There are no known workarounds aside from upgrading. |
| Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.2 in the `/display/map` API route inside the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values in to the `bounds` parameter. Users should upgrade to version 3.3.5, which fixes this issue. There are no known workarounds aside from upgrading. |
| A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to influence mispredicted branches within the victim's hardware context. Once that occurs, speculation caused by the mispredicted branches can cause cache allocation. This issue leads to obtaining information that should not be accessible. |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter. |
| Incorrect Access Control in the module "My inventory" (myinventory) <= 1.6.6 from Webbax for PrestaShop, allows a guest to download personal information without restriction by performing a path traversal attack. |
| Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is accessing the affected product with an administrative privilege. |
| Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC where the affected product is installed. As a result, the user may be able to destroy the system and/or execute a malicious program. |
| All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting (XSS) via the themes.NoPage(filename, theme) function due to improper user input sanitization. Exploiting this vulnerability is possible when a file/resource is not found.
|
