CVE-2023-25759
OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS-level commands via a crafted request payload.
Source: CVE-2023-25759
CVE-2023-25760
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows an authenticated user to modify other users' passwords via a crafted request payload.
Source: CVE-2023-25760
CVE-2023-27776
A stored cross-site scripting (XSS) vulnerability in /index.php?page=category_list of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter.
Source: CVE-2023-27776
CVE-2023-29921
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface.
Source: CVE-2023-29921
CVE-2023-30463
Altran picoTCP through 1.7.0 allows memory corruption (and subsequent denial of service) because of an integer overflow in pico_ipv6_alloc when processing large ICMPv6 packets. This affects installations with Ethernet support in which a packet size greater than 65495 may occur.
Source: CVE-2023-30463
CVE-2023-26599
XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link.
Source: CVE-2023-26599
CVE-2023-0317
Unprotected Alternate Channel vulnerability in the debug console of GateManager allows a system administrator to obtain sensitive information.
Source: CVE-2023-0317
CVE-2023-22645
An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller. This issue affects SUSE kubewarden kubewarden-controller versions prior to 1.6.0.
Source: CVE-2023-22645
CVE-2022-38125
Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.
Source: CVE-2022-38125
CVE-2022-4308
Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked.
Source: CVE-2022-4308