Total
595 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50328 | 1 Ibm | 1 Powersc | 2024-02-02 | N/A | 5.3 MEDIUM |
| IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110. | |||||
| CVE-2023-24523 | 1 Sap | 1 Host Agent | 2024-02-01 | N/A | 8.8 HIGH |
| An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges. The OS command can read or modify any user or system data and can make the system unavailable. | |||||
| CVE-2023-38994 | 1 Univention | 1 Univention Corporate Server | 2024-01-31 | N/A | 7.8 HIGH |
| The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuration of UCS does not allow local ssh access for regular users. | |||||
| CVE-2022-20917 | 1 Cisco | 1 Jabber | 2024-01-25 | N/A | 4.3 MEDIUM |
| A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software. An attacker could exploit this vulnerability by connecting to an XMPP messaging server and sending crafted XMPP messages to an affected Jabber client. A successful exploit could allow the attacker to manipulate the content of XMPP messages, possibly allowing the attacker to cause the Jabber client application to perform unsafe actions. | |||||
| CVE-2024-22049 | 1 John Nunemaker | 1 Httparty | 2024-01-23 | N/A | 5.3 MEDIUM |
| httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written. | |||||
| CVE-2022-34364 | 1 Dell | 1 Bsafe Ssl-j | 2024-01-22 | N/A | 4.4 MEDIUM |
| Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. . | |||||
| CVE-2023-45145 | 3 Debian, Fedoraproject, Redis | 3 Debian Linux, Fedora, Redis | 2024-01-21 | N/A | 3.6 LOW |
| Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory. | |||||
| CVE-2024-21597 | 1 Juniper | 1 Junos | 2024-01-19 | N/A | 7.5 HIGH |
| An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric (AF) scenario if routing-instances (RI) are configured, specific valid traffic destined to the device can bypass the configured lo0 firewall filters as it's received in the wrong RI context. This issue affects Juniper Networks Junos OS on MX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S3; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2. | |||||
| CVE-2023-6955 | 1 Gitlab | 1 Gitlab | 2024-01-18 | N/A | 5.3 MEDIUM |
| An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. | |||||
| CVE-2024-0443 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-01-18 | N/A | 5.5 MEDIUM |
| A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error. | |||||
| CVE-2012-5639 | 3 Apache, Debian, Libreoffice | 3 Openoffice, Debian Linux, Libreoffice | 2024-01-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| LibreOffice and OpenOffice automatically open embedded content | |||||
| CVE-2023-48291 | 1 Apache | 1 Airflow | 2023-12-28 | N/A | 4.3 MEDIUM |
| Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. | |||||
| CVE-2021-43216 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 6.8 MEDIUM | 6.5 MEDIUM |
| Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | |||||
| CVE-2023-42792 | 1 Apache | 1 Airflow | 2023-12-21 | N/A | 6.5 MEDIUM |
| Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. | |||||
| CVE-2022-21964 | 1 Microsoft | 1 Windows 10 | 2023-12-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability | |||||
| CVE-2023-49344 | 1 Ubuntubudgie | 1 Budgie Extras | 2023-12-20 | N/A | 7.8 HIGH |
| Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | |||||
| CVE-2023-49343 | 1 Ubuntubudgie | 1 Budgie Extras | 2023-12-20 | N/A | 7.8 HIGH |
| Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | |||||
| CVE-2023-49342 | 1 Ubuntubudgie | 1 Budgie Extras | 2023-12-20 | N/A | 7.8 HIGH |
| Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | |||||
| CVE-2023-49345 | 1 Ubuntubudgie | 1 Budgie Extras | 2023-12-20 | N/A | 7.8 HIGH |
| Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | |||||
| CVE-2023-49346 | 1 Ubuntubudgie | 1 Budgie Extras | 2023-12-20 | N/A | 7.8 HIGH |
| Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | |||||