CVE-2023-25201: Security Advisories - usd HeroLab

Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload.

To protect companies from hackers and criminals, we have to make sure that our skills and knowledge are always up to date. Security research is therefore as important to our work as building a security community that promotes the exchange of knowledge, because more security can only be achieved when many people make it their task.

Our CST Academy and the usd HeroLab are essential parts of our security mission. The knowledge we gain in our practical work and through our research is shared in trainings and publications. In this context, the usd HeroLab publishes a series of advisories on current vulnerabilities and security issues, always in line with the principles of our Responsible Disclosure Policy.

Always in the name of our mission: "more security".

Here you will find the security advisories of the past months:

06/2023

usd-2022-0014 | Foswiki

Product: Foswiki
Vulnerability Type: Path Traversal (CWE-23)

More details: usd-2022-0014

usd-2022-0011 | Foswiki

Product: Foswiki
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2022-0011

05/2023

usd-2022-0048 (CVE-2022-45144) | Tracim

Product: Tracim
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2022-0048

04/2023

usd-2022-0034 (CVE-2022-37955) | Microsoft Windows

Product: Microsoft Windows
Vulnerability Type: Improper Link Resolution Before File Access (CWE-59) - Privilege Escalation

More details: usd-2022-0034

03/2023

usd-2022-0049 | Friendica

Product: Friendica
Vulnerability Type: Cross-Site Request Forgery (CSRF) (CWE-352)

More details: usd-2022-0049

usd-2022-0050 | Friendica

Product: Friendica
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2022-0050

usd-2023-0001 | Friendica

Product: Friendica
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2023-0001

usd-2022-0002 | NCP Secure Enterprise Client

Product: NCP Secure Enterprise Client
Vulnerability Type: Improper Access Control (CWE-284) - Arbitrary File Delete

More details: usd-2022-0002

usd-2022-0003 | NCP Secure Enterprise Client

Product: NCP Secure Enterprise Client
Vulnerability Type: Improper Access Control (CWE-284) - Arbitrary File Read

More details: usd-2022-0003

usd-2022-0004 | NCP Secure Enterprise Client

Product: NCP Secure Enterprise Client
Vulnerability Type: Incorrect Default Permissions (CWE-276) - Insecure File Permissions

More details: usd-2022-0004

usd-2022-0005 | NCP Secure Enterprise Client

Product: NCP Secure Enterprise Client
Vulnerability Type: Improper Access Control (CWE-284) - Insecure Registry Export

More details: usd-2022-0005

usd-2022-0006 | NCP Secure Enterprise Client

Product: NCP Secure Enterprise Client
Vulnerability Type: Improper Access Control (CWE-284) - Privilege Escalation

More details: usd-2022-0006

02/2023

usd-2022-0032 | Seafile

Product: Seafile
Vulnerability Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) (CWE-79)

More details: usd-2022-0032

usd-2022-0033 | Seafile

Product: Seafile
Vulnerability Type: URL Redirection to Untrusted Site (CWE-601)

More details: usd-2022-0033

01/2023

usd-2022-0030 | Jellyfin

Product: Jellyfin
Vulnerability Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) (CWE-79)

More details: usd-2022-0030

usd-2022-0031 | Jellyfin

Product: Jellyfin
Vulnerability Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) (CWE-79)

More details: usd-2022-0031

12/2022

usd-2022-0042 | GitLab Community Edition

Product: GitLab Community Edition
Vulnerability Type: Uncontrolled Search Path Element (CWE-427)

More details: usd-2022-0042

11/2022

usd-2022-0008 | Acronis Cyber Protect

Product: Acronis Cyber Protect
Vulnerability Type: Authentication Bypass (CWE-305)

More details: usd-2022-0008

usd-2022-0035 | Apache Tomcat

Product: Apache Tomcat
Vulnerability Type: Improper Encoding or Escaping of Output (CWE-116)

More details: usd-2022-0035

usd-2022-0036 | Apache Tomcat

Product: Apache Tomcat
Vulnerability Type: Improper Restriction of XML External Entity Reference (CWE-611)

More details: usd-2022-0036

10/2022

usd-2022-0009 | Filerun

Product: Filerun
Vulnerability Type: CWE-79: Improper Neutralization of Input During Web Page Generation

More details: usd-2022-0009

usd-2022-0010 | Filerun

Product: Filerun
Vulnerability Type: CWE-284: Improper Access Control

More details: usd-2022-0010

07/2022

usd-2021-0027 | CleverReach

Product: CleverReach
Vulnerability Type: CWE-288: Authentication Bypass Using an Alternate Path or Channel

More details: usd-2021-0027

usd-2021-0031 (CVE-2022-22689) | CA Harvest Software Change Manager

Product: CA Harvest Software Change Manager
Vulnerability Type: CWE-1236: Improper Neutralization of Formula Elements in a CSV File

More details: usd-2021-0031

06/2022

usd-2021-0010 | Vodafone Station

Product: Vodafone Station
Vulnerability Type: CWE-284: Improper Access Control

More details: usd-2021-0010

05/2022

usd-2021-0025 (CVE-2021-41766) | Apache Karaf

Product: Apache Karaf
Vulnerability Type: CWE-502: Deserialization of Untrusted Data

More details: usd-2021-0025

04/2022

usd-2021-0028 (CVE-2022-25241) | Filecloud

Product: Filecloud
Vulnerability Type: CWE-352: Cross-Site Request Forgery (CSRF)

More details: usd-2021-0028

usd-2021-0029 (CVE-2022-25242) | Filecloud

Product: Filecloud
Vulnerability Type: CWE-352: Cross-Site Request Forgery (CSRF)

More details: usd-2021-0029

03/2022

usd-2019-0050 (CVE-2019-17085) | Micro Focus HPE Operations Agent

Product: Micro Focus HPE Operations Agent
Vulnerability Type: CWE-611: Improper Restriction of XML External Entity Reference

More details: usd-2019-0050

02/2022

usd-2021-0019 | Zulip

Product: Zulip Server
Vulnerability Type: CWE-918: Server-Side Request Forgery (SSRF)

More details: usd-2021-0019

usd-2021-0034 (CVE-2022-23961) | Thruk Monitoring

Product: Thruk Monitoring
Vulnerability Type: CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

More details: usd-2021-0034

01/2022

usd-2021-0023 | Grafana

Product: Grafana
Vulnerability Type: CWE-20: Improper Input Validation

More details: usd-2021-0023

usd-2021-0024 | Grafana

Product: Grafana
Vulnerability Type: CWE-20: Improper Input Validation

More details: usd-2021-0024

12/2021

usd-2021-0009 | VMware Workspace ONE Intelligent Hub

Product: VMware Workspace ONE Intelligent Hub
Vulnerability Type: Hidden Functionality (Backdoor)

More details: usd-2021-0009

11/2021

usd-2021-0032 | SUSE CVE Database (suse.com)

Product: SUSE CVE database
Vulnerability Type: Cross-site Scripting (XSS)

More details: usd-2021-0032

usd-2021-0006 (CVE-2021-28376) | ChronoEngine ChronoForms v7

Product: ChronoEngine Forms v7
Vulnerability Type: Path Traversal

More details: usd-2021-0006

usd-2021-0007 (CVE-2021-28377) | ChronoEngine ChronoForums

Product: ChronoEngine Forums
Vulnerability Type: Path Traversal

More details: usd-2021-0007

usd-2020-0106 (CVE-2021-25273) | Sophos UTM

Product: Sophos UTM
Vulnerability Type: Cross-site Scripting (XSS)

More details: usd-2020-0106

10/2021

usd-2021-0020 | Microsoft Exchange Server ECP

Product: Microsoft Exchange Server
Vulnerability Type: Server-side Request Forgery (SSRF)

More details: usd-2021-0020

09/2021

usd-2021-0002 | EgoSecure Agent

Product: EgoSecure Agent
Vulnerability Type: Symlink Vulnerability

More details: usd-2021-0002

usd-2020-0105 | Cornerstone Editor

Product: Themeco Cornerstone Editor
Vulnerability Type: Stored Cross-Site Scripting

More details: usd-2020-0105

08/2021

usd-2021-0012 | TIBCO ActiveMatrix BusinessWorks

Product: TIBCO BusinessWorks
Vulnerability Type: Weak Password Requirements

More details: usd-2021-0012

07/2021

usd-2021-0015 (CVE-2021-33617) | Password Manager Pro

Product: Password Manager Pro
Vulnerability Type: User Enumeration

More details: usd-2021-0015

usd-2021-0016 | Keycloak

Product: Keycloak
Vulnerability Type: Multi-Factor-Authentication Brute-Force

More details: usd-2021-0016

06/2021

usd-2021-0021 | Microsoft Exchange Server OWA

Product: Microsoft Exchange Server OWA
Vulnerability Type: Server-Side Request Forgery (SSRF)

More details: usd-2021-0021

usd-2021-0011 (CVE-2021-32718) | RabbitMQ

Product: RabbitMQ
Vulnerability Type: Cross-Site Scripting

More details: usd-2021-0011

05/2021

usd-2021-0008 (CVE-2021-21990) | VMware Workspace ONE

Product: VMware Workspace ONE
Vulnerability Type: Cross-site Scripting

More details: usd-2021-0008

usd-2021-0014 (CVE-2021-3485) | Bitdefender Endpoint Security Tools for Linux

Product: Bitdefender Endpoint Security Tools for Linux
Vulnerability Type: Improper Input Validation

More details: usd-2021-0014

04/2021

usd-2021-0001 | Microsoft Windows

Product: Windows 10
Vulnerability Type: Symlink Vulnerability

More details: usd-2021-0001

03/2021

usd-2021-0005 (CVE-2021-30356) | Check Point Identity Agent

Product: Check Point Identity Agent, Affected Version: < R81.018.0000
Vulnerability Type: Symlink Vulnerability

More details: usd-2021-0005

02/2021

usd-2019-0069 | Zen Cart

Product: Zen Cart, Affected Version: 1.5.6d
Vulnerability Type: XSS

More details: usd-2019-0069

usd-2019-0072 (CVE-2020-6577) | IT-Recht Kanzlei Plugin for Zen Cart

Product: IT-Recht Kanzlei Plugin for Zen Cart, Affected Version: v1.5.6c (Zen Cart deutsch version)
Vulnerability Type: SQL Injection

More details: usd-2019-0072

01/2021

usd-2020-0028 (CVE-2021-28042) | Mailoptimizer

Product: Mailoptimizer, Affected Version: 4.3
Vulnerability Type: Path Traversal

More details: usd-2020-0028

10/2020

usd-2020-0026 (CVE-2020-27976) | OScommerce Phoenix CE

Product: OScommerce Phoenix CE, Affected Version: 1.0.5.4
Vulnerability Type: Authenticated RCE

More details: usd-2020-0026 (CVE-2020-27976)

usd-2020-0027 (CVE-2020-27975) | OScommerce Phoenix CE

Product: OScommerce Phoenix CE, Affected Version: < 1.0.5.4
Vulnerability Type: Cross-Site Request Forgery (CSRF)

More details: usd-2020-0027 (CVE-2020-27975)

usd-2020-0029 (CVE-2020-27974) | NeoPost Mail Accounting Software Pro

Product: NeoPost Mail Accounting Software Pro, Affected Version: 5.0.6
Vulnerability Type: Reflected XSS

More details: usd-2020-0029 (CVE-2020-27974)

usd-2020-0030 (CVE-2020-1455) | SQL Server Management Studio

Product: SQL Server Management Studio (SSMS), Affected Version: 18.4
Vulnerability Type: Symbolic Link Vulnerability

More details: usd-2020-0030 (CVE-2020-1455)

09/2020

usd-2020-0048 (CVE-2020-24708) | Gophish

Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: Stored Cross-Site Scripting

More details: usd-2020-0048 (CVE-2020-24708)

usd-2020-0049 (CVE-2020-24709) | Gophish

Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: Stored Cross-Site Scripting

More details: usd-2020-0049 (CVE-2020-24709)

usd-2020-0050 (CVE-2020-24712) | Gophish

Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: Non-persistent Self Cross-Site Scripting

More details: usd-2020-0050 (CVE-2020-24712)

usd-2020-0051 (CVE-2020-24711) | Gophish

Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: Improper Restriction of Rendered UI Layers or Frames

More details: usd-2020-0051 (CVE-2020-24711)

usd-2020-0052 (CVE-2020-24707) | Gophish

Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: CSV Injection

More details: usd-2020-0052 (CVE-2020-24707)

usd-2020-0053 (CVE-2020-24713) | Gophish

Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: Insufficient Session Expiration

More details: usd-2020-0053 (CVE-2020-24713)

usd-2020-0054 (CVE-2020-24710) | Gophish

Product: Gophish, Affected Version: v0.10.1
Vulnerability Type: Stored Cross-Site Scripting

More details: usd-2020-0054 (CVE-2020-24710)

usd-2020-0059 (CVE-2020-15862) | Net-SNMP

Product: Net-SNMP, Affected Version: 5.7.3
Vulnerability Type: Elevation of Privileges

More details: usd-2020-0059 (CVE-2020-15862)

usd-2020-0060 (CVE-2020-15861) | Net-SNMP

Product: Net-SNMP, Affected Version: 5.7.3
Vulnerability Type: Elevation of Privileges

More details: usd-2020-0060 (CVE-2020-15861)

07/2020

usd-2020-0023 (CVE-2020-14170) | Bitbucket Server

Product: Bitbucket Server, Affected Version: 5.4.0 <= version < 7.3.1
Vulnerability Type: Server Side Request Forgery

More details: usd-2020-0023 (CVE-2020-14170)

usd-2020-0024 (CVE-2020-14171) | Bitbucket Server

Product: Bitbucket Server, Affected Version: 4.9.0 <= version < 7.2.4
Vulnerability Type: Unencrypted Service

More details: usd-2020-0024 (CVE-2020-14171)

usd-2020-0041 (CVE-2020-11476) | Concrete5 CMS

Product: Concrete5 CMS, Affected Version: 8.5.2
Vulnerability Type: Unrestricted Upload of File with Dangerous Type

More details: usd-2020-0041 (CVE-2020-11476)

06/2020

usd-2020-0038 (CVE-2020-11474) | NCP Secure Enterprise Windows Client

Product: NCP Secure Enterprise Windows Client, Affected Version: 10.14
Vulnerability Type: Privileged File Write

More details: usd-2020-0038 (CVE-2020-11474)

usd-2020-0031 (CVE-2020-10984) | Gambio GX

Product: Gambio GX, Affected Version: 4.0.0.0
Vulnerability Type: Cross-Site Request Forgery (CSRF)

More details: usd-2020-0031 (CVE-2020-10984)

usd-2020-0033 (CVE-2020-10982) | Gambio GX

Product: Gambio GX, Affected Version: 4.0.0.0
Vulnerability Type: Blind SQL Injection

More details: usd-2020-0033 (CVE-2020-10982)

usd-2020-0034 (CVE-2020-10983) | Gambio GX

Product: Gambio GX, Affected Version: 4.0.0.0
Vulnerability Type: Blind SQL Injection

More details: usd-2020-0034 (CVE-2020-10983)

usd-2020-0035 (CVE-2020-10985) | Gambio GX

Product: Gambio GX, Affected Version: 4.0.0.0
Vulnerability Type: Stored Cross-Site Scripting (XSS)

More details: usd-2020-0035 (CVE-2020-10985)

usd-2020-0016 (CVE-2020-5836) | Symantec Endpoint Protection

Product: Symantec Endpoint Protection, Affected Version: 14.2.2.1
Vulnerability Type: Hardlink Vulnerability

More details: usd-2020-0016 (CVE-2020-5836)

04/2020

usd-2019-0057 (CVE-2019-19213) | Userlike Chat

Product: Userlike Chat
Vulnerability Type: Cross-Site Scripting

More details: usd-2019-0057 (CVE-2019-19213)

usd-2019-0058 (CVE-2019-19214) | Userlike Chat

Product: Userlike Chat
Vulnerability Type: Insufficient Filtering

More details: usd-2019-0058 (CVE-2019-19214)

usd-2019-0059 (CVE-2019-19217) | Control-M/Agent

Product: Control-M/Agent, Affected Version: 7.0.00.000
Vulnerability Type: OS Command Injection

More details: usd-2019-0059 (CVE-2019-19217)

usd-2019-0060 (CVE-2019-19216) | Control-M/Agent

Product: Control-M/Agent, Affected Version: 7.0.00.000
Vulnerability Type: Insecure File Copy

More details: usd-2019-0060 (CVE-2019-19216)

usd-2019-0061 (CVE-2019-19215) | Control-M/Agent

Product: Control-M/Agent, Affected Version: 7.0.00.000
Vulnerability Type: Remote Buffer Overflow

More details: usd-2019-0061 (CVE-2019-19215)

usd-2019-0064 (CVE-2019-19220) | Control-M/Agent

Product: Control-M/Agent, Affected Version: 7.0.00.000
Vulnerability Type: OS Command Injection

More details: usd-2019-0064 (CVE-2019-19220)

usd-2019-0065 (CVE-2019-19219) | Control-M/Agent

Product: Control-M/Agent, Affected Version: 7.0.00.000
Vulnerability Type: Arbitrary File Download

More details: usd-2019-0065 (CVE-2019-19219)

usd-2019-0066 (CVE-2019-19218) | Control-M/Agent

Product: Control-M/Agent, Affected Version: 7.0.00.000
Vulnerability Type: Insecure Password Storage

More details: usd-2019-0066 (CVE-2019-19218)

usd-2019-0068 | Chocolatey Python 3 package

Product: Python 3 package for chocolatey, Affected Version: 3.8.1
Vulnerability Type: Weak File Permissions

More details: usd-2019-0068

usd-2019-0070 (CVE-2020-6579) | MailBeez Plugin for ZenCart

Product: MailBeez Plugin for ZenCart, Affected Version: v3.9.21
Vulnerability Type: XSS

More details: usd-2019-0070 (CVE-2020-6579)

usd-2020-0006 (CVE-2020-10515) | STARFACE UCC Client

Product: STARFACE UCC Client, Affected Version: v6.7.0.180
Vulnerability Type: Binary Planting

More details: usd-2020-0006 (CVE-2020-10515)

02/2020

usd-2020-0001 (CVE-2020-6582) | Nagios NRPE

Product: Nagios NRPE, Affected Version: v.3.2.1
Vulnerability Type: Memory Corruption (Heap Overflow)

More details: usd-2020-0001 (CVE-2020-6582)

usd-2020-0002 (CVE-2020-6581) | Nagios NRPE

Product: Nagios NRPE, Affected Version: v.3.2.1
Vulnerability Type: Insufficient Filtering of Configuration file

More details: usd-2020-0002 (CVE-2020-6581)

usd-2020-0003 | Nagios NRPE

Product: Nagios NRPE, Affected Version: v.3.2.1
Vulnerability Type: Wrong Packet Size Computation

More details: usd-2020-0003

usd-2020-0004 | Nagios NRPE

Product: Nagios NRPE, Affected Version: v.3.2.1
Vulnerability Type: Logic Error

More details: usd-2020-0004

01/2020

usd-2019-0049 (CVE-2019-19208) | Codiad Web IDE

Product: Codiad Web IDE, Affected Version: v.2.8.4
Vulnerability Type: PHP Code injection

More details: usd-2019-0049 (CVE-2019-19208)

usd-2019-0051 (CVE-2019-19209) | Dolibarr ERP/CRM

Product: Dolibarr ERP/CRM, Affected Version: 3.0 – 10.0.3
Vulnerability Type: Reflected XSS, SQL injection

More details: usd-2019-0051 (CVE-2019-19209)

usd-2019-0052 (CVE-2019-19210) | Dolibarr ERP/CRM

Product: Dolibarr ERP/CRM, Affected Version: 3.0 – 10.0.3
Vulnerability Type: Stored XSS

More details: usd-2019-0052 (CVE-2019-19210)

usd-2019-0053 (CVE-2019-19211) | Dolibarr ERP/CRM

Product: Dolibarr ERP/CRM, Affected Version: 3.0 – 10.0.4
Vulnerability Type: Reflected XSS

More details: usd-2019-0053 (CVE-2019-19211)

usd-2019-0054 (CVE-2019-19212) | Dolibarr ERP/CRM

Product: Dolibarr ERP/CRM, Affected Version: 3.0 – 10.0.3
Vulnerability Type: SQL injection

More details: usd-2019-0054 (CVE-2019-19212)

usd-2019-0067 | Dolibarr ERP/CRM

Product: Dolibarr ERP/CRM, Affected Version: 3.0 – 10.0.4
Vulnerability Type: SQL injection

More details: usd-2019-0067

10/2019

usd-2019-0016 (CVE-2019-15005) | Bitbucket

Product: Bitbucket, Affected Version: < v6.6
Vulnerability Type: Broken Access Control

More details: usd-2019-0016 (CVE-2019-15005)

usd-2019-0045 (CVE-2019-6179) | XClarity

Product: XClarity, Affected Version: 2.2.0
Vulnerability Type: XML External Entity Processing

More details: usd-2019-0045

usd-2019-0046 (CVE-2019-12331) | PhpSpreadsheet

Product: PhpSpreadsheet, Affected Version: <1.8.0
Vulnerability Type: XML External Entity (XXE)

More details: usd-2019-0046

07/2019

usd-2019-0001 | Adobe Experience Manager (AEM)

Product: Adobe Experience Manager (AEM), Affected Version: 6.3.2.2
Vulnerability Type: Code Injection

More details: usd-2019-0001

usd-2019-0002 | feeling4design Super Forms

Product: feeling4design Super Forms, Affected Version: Drag & Drop Form Builder/1.0.0 – 4.4.8
Vulnerability Type: Path Traversal

More details: usd-2019-0002

usd-2019-0003 | feeling4design Super Forms

Product: feeling4design Super Forms, Affected Version: Drag & Drop Form Builder/1.6.1 – 4.4.8
Vulnerability Type: Missing Server Side File Type Validation

More details: usd-2019-0003

usd-2019-0014 (CVE-2019-2709) | Oracle Transportation Management (OTM)

Product: Oracle Transportation Management (OTM), Affected Version: 6.4.3
Vulnerability Type: Reflected XSS

More details: usd-2019-0014

usd-2019-0015 | Bitbucket

Product: Bitbucket, Affected Version: 5.10.1
Vulnerability Type: Broken Access Control

More details: usd-2019-0015

usd-2019-0017 | Bitbucket

Product: Bitbucket, Affected Version: 5.10.1
Vulnerability Type: Sensitive Data Exposure/Credentials Disclosure

More details: usd-2019-0017

usd-2019-0018 | Bitbucket

Product: Bitbucket, Affected Version: 5.10.1
Vulnerability Type: User Enumeration

More details: usd-2019-0018

usd-2019-0019 | Bitbucket

Product: Bitbucket, Affected Version: 5.10.1
Vulnerability Type: File Enumeration

More details: usd-2019-0019

usd-2019-0020 | Bitbucket

Product: Bitbucket, Affected Version: 5.10.1
Vulnerability Type: Sensitive Data in URL

More details: usd-2019-0020

01/2019

usd-2018-0032 | Riverbed SteelCentral AppResponse

Product: Riverbed SteelCentral AppResponse, Affected Version: 9.6
Vulnerability Type: Reflected Cross-Site-Scripting Vulnerability

More details: usd-2018-0032

usd-2018-0034 | Dropbear

Product: Dropbear, Affected Version: current master branch (commit cb945f9f670e95305c7c5cc5ff344d1f2707b602)
Vulnerability Type: Username Enumeration

More details: usd-2018-0034

usd-2018-0035 | Cisco Unified Communications Manager

Product: Cisco Unified Communications Manager, Affected Version: 11.5.1.15900-18 (likely in all versions)
Vulnerability Type: Exposure of Sensitive Configuration Data

More details: usd-2018-0035

usd-2018-0036 | Cisco Unified Communications Manager

Product: Cisco Unified Communications Manager, Affected Version: 11.5.1.15900-18 (likely in all versions)
Vulnerability Type: Exposure of Sensitive Configuration Data

More details: usd-2018-0036

usd-2018-0037 | Cisco Unified Communications Manager

Product: Cisco Unified Communications Manager, Affected Version: 11.5.1.15900-18 (likely in all versions)
Vulnerability Type: Exposure of Sensitive Configuration Data

More details: usd-2018-0037

usd-2018-0038 | Cisco Unified Communications Manager

Product: Cisco Unified Communications Manager, Affected Version: 11.5.1.15900-18 (likely in all versions)
Vulnerability Type: Exposure of Sensitive Configuration Data

More details: usd-2018-0038

12/2018

usd-2018-0024 | Shpock App

Product: Shpock App, Affected Version: Shpock App for Android & iPhone
Vulnerability Type: Username Enumeration

More details: usd-2018-0024

usd-2018-0025 (CVE-2018-7750) | SEP sesam

Product: SEP sesam, Affected Version: 4.4.3.61
Vulnerability Type: Authentication Bypass

More details: usd-2018-0025 (CVE-2018-7750)

usd-2018-0026 (CVE-2018-18245) | Nagios Core

Product: Nagios Core, Affected Version: 4.4.2
Vulnerability Type: Stored XSS

More details: usd-2018-0026 (CVE-2018-18245)

usd-2018-0027 (CVE-2018-18246) | Icinga Web 2

Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: CSRF

More details: usd-2018-0027 (CVE-2018-18246)

usd-2018-0028 (CVE-2018-18248) | Icinga Web 2

Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: Reflected XSS

More details: usd-2018-0028 (CVE-2018-18248)

usd-2018-0029 (CVE-2018-18247) | Icinga Web 2

Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: Stored XSS

More details: usd-2018-0029 (CVE-2018-18247)

usd-2018-0030 (CVE-2018-18249, CVE-2018-18250) | Icinga Web 2

Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: Denial of Service, Sensitive Data disclosure

More details: usd-2018-0030 (CVE-2018-18249, CVE-2018-18250)

usd-2018-0031 (CVE-2018-13376) | Fortigate 900D

Product: Fortigate 900D, Affected Version: FW: V. 5.6.2 Build 1486 (GA)
Vulnerability Type: Sensitive Data disclosure

More details: usd-2018-0031 (CVE-2018-13376)

11/2018

usd-2018-0023 (CVE-2018-1000805) | Paramiko

Product: Paramiko, Affected Version: 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6
Vulnerability Type: Authentication Bypass

More details: usd-2018-0023 (CVE-2018-1000805)

usd-2018-0021 (CVE-2018-15498) | SafeQ Pro SmartCard v2

Product: SafeQ Pro SmartCard v2, Affected Version: V2
Vulnerability Type: Replay Attack

More details: usd-2018-0021 (CVE-2018-15498)

usd-2018-0020 (CVE-2018-18473) | Patlite

Product: Patlite, Affected Version: NBM-D88N, Patlite NHL-3FB1, Patlite NHL-3FV1N
Vulnerability Type: Backdoor

More details: usd-2018-0020 (CVE-2018-18473)

07/2018

usd-2018-0013 | Lexware professional 2017

Product: Lexware professional 2017, Affected Version: 17.02
Vulnerability Type: Improper Access Control

More details: usd-2018-0013

usd-2018-0014 | Lexware professional 2017

Product: Lexware professional 2017, Affected Version: 17.02
Vulnerability Type: Improper Access Control

More details: usd-2018-0014

usd-2018-0015 | Lexware professional 2017

Product: Lexware professional 2017, Affected Version: 17.02
Vulnerability Type: Improper Access Control

More details: usd-2018-0015

usd-2018-0016 | Lexware professional 2017

Product: Lexware professional 2017, Affected Version: 17.02
Vulnerability Type: Denial of Service

More details: usd-2018-0016

usd-2018-0017 | Lexware professional 2017

Product: Lexware professional 2017, Affected Version: 17.02
Vulnerability Type: Broken Authentication

Download: usd-2018-0017

06/2018

usd-2018-0006 | FirstSpirit SiteArchitect

Product: FirstSpirit SiteArchitect, Affected Version: 5.2
Vulnerability Type: Path Traversal

More details: usd-2018-0006

usd-2018-0012 | FirstSpirit SiteArchitect

Product: FirstSpirit SiteArchitect, Affected Version: 5.2
Vulnerability Type: Improper Access Control

More details: usd-2018-0012

usd-2018-0019 (CVE-2018-6462) | Pdf-Xchange Viewer

Product: Pdf-Xchange Viewer, Affected Version: 2.5.322.7 and earlier
Vulnerability Type: Heap Overflow

More details: usd-2018-0019 (CVE-2018-6462)

05/2018

usd-2018-0001 | Starface

Product: Starface, Affected Version: 6.4.3.34
Vulnerability Type: Reflected XSS

More details: usd-2018-0001

usd-2018-0002 | Starface

Product: Starface, Affected Version: 6.4.3.34
Vulnerability Type: Language Expression Injection

More details: usd-2018-0002

usd-2018-0003 | Starface

Product: Starface, Affected Version: 6.4.3.34
Vulnerability Type: SQL Injection

More details: usd-2018-0003

usd-2018-0004 | Starface

Product: Starface, Affected Version: 6.4.3.34
Vulnerability Type: Cross-site request forgery

More details: usd-2018-0004

usd-2018-0018 | Projektron BCS

Product: Projektron BCS, Affected Version: All versions before 7.38.45
Vulnerability Type: Reflected XSS

More details: usd-2018-0018