CVE-2021-22283

Improper Initialization vulnerability in ABB Relion protection relays – 611 series, ABB Relion protection relays – 615 series IEC 4.0 FP1, ABB Relion protection relays – 615 series CN 4.0 FP1, ABB Relion protection relays – 615 series IEC 5.0, ABB Relion protection relays – 615 series IEC 5.0 FP1, ABB Relion protection relays – 620 series IEC/CN 2.0, ABB Relion protection relays – 620 series IEC/CN 2.0 FP1, ABB Relion protection relays – REX640 PCL1, ABB Relion protection relays – REX640 PCL2, ABB Relion protection relays – REX640 PCL3, ABB Relion protection relays – RER615, ABB Remote Monitoring and Control – REC615, ABB Merging Unit- SMU615 allows Communication Channel Manipulation. This issue affects Relion protection relays – 611 series: from 1.0.0 before 2.0.3; Relion protection relays – 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays – 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays – 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays – 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays – 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays – 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays – REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays – REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays – REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays – RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control – REC615: from 1.0.0 before 2.0.3; Merging Unit- SMU615: from 1.0.0 before 1.0.2.

Source: CVE-2021-22283

CVE-2020-36652

Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Automation Director: from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00.

Source: CVE-2020-36652

CVE-2022-4895

Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00.

Source: CVE-2022-4895

CVE-2015-10086

A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to SQL injection. It is possible to launch the attack remotely. This product uses a rolling release to provide continuous delivery. Therefore, no version details for affected or updated releases are available. The name of the patch is fa0d9bcf81c711a88172ad0d37a842f029ac3782. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221808.

Source: CVE-2015-10086

CVE-2023-1055

A flaw was found in RHDS 11 and RHDS 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account on the system where cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.

Source: CVE-2023-1055

CVE-2023-26043

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.

Source: CVE-2023-26043