CVE-2023-2361
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
Source: CVE-2023-2361
CVE-2023-28882
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.
Source: CVE-2023-28882
CVE-2023-28528
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207.
Source: CVE-2023-28528
CVE-2023-31436
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
Source: CVE-2023-31436
CVE-2020-4729
IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that could cause the application to crash. IBM X-Force ID: 188052.
Source: CVE-2020-4729
CVE-2023-27557
IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192.
Source: CVE-2023-27557
CVE-2023-27556
IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6.4.0.00 through 6.4.2.02 and 6.5.0.00 does not properly allocate resources without limits or throttling which could allow a remote attacker to cause a denial of service. IBM X-Force ID: 249190.
Source: CVE-2023-27556
CVE-2023-2356
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.
Source: CVE-2023-2356
CVE-2023-29169
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands.
Source: CVE-2023-29169
CVE-2023-29150
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands.
Source: CVE-2023-29150