CVE-2023-3300
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.
Source: CVE-2023-3300
CVE-2023-3299
HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.
Source: CVE-2023-3299
CVE-2023-3072
HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.
Source: CVE-2023-3072
CVE-2023-36853
?In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges.
Source: CVE-2023-36853
CVE-2023-37362
Weintek Weincloud v0.13.6
could allow an attacker to abuse the registration functionality to login with testing credentials to the official website.
Source: CVE-2023-37362
CVE-2023-35134
Weintek Weincloud v0.13.6
could allow an attacker to reset a password with the corresponding account’s JWT token only.
Source: CVE-2023-35134
CVE-2023-34429
Weintek Weincloud v0.13.6
could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token.
Source: CVE-2023-34429
CVE-2023-34394
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition.
Source: CVE-2023-34394
CVE-2023-32657
Weintek Weincloud v0.13.6
could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses.
Source: CVE-2023-32657
CVE-2023-3782
DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response
Source: CVE-2023-3782