An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution.
Max CVSS
7.5
EPSS Score
0.30%
Published
2023-05-31
Updated
2023-06-08
An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified (and, by default, authentication is not required). Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution when the agent is restarted. NOTE: the vendor's perspective is "These are not vulnerabilities for us as we have provided the option to implement the authentication."
Max CVSS
9.8
EPSS Score
0.15%
Published
2023-05-31
Updated
2024-04-11
An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-05-31
Updated
2024-04-11
In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-05-31
Updated
2023-06-07
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-05-31
Updated
2023-06-07
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
Max CVSS
7.5
EPSS Score
0.09%
Published
2023-05-31
Updated
2023-06-02
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-05-31
Updated
2023-06-02
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-05-31
Updated
2023-06-02
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible
Max CVSS
4.8
EPSS Score
0.05%
Published
2023-05-31
Updated
2023-06-02
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases
Max CVSS
5.3
EPSS Score
0.05%
Published
2023-05-31
Updated
2023-06-02
In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-05-31
Updated
2023-06-02
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-05-31
Updated
2023-06-02
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-05-31
Updated
2023-06-02
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
Max CVSS
4.3
EPSS Score
0.05%
Published
2023-05-31
Updated
2023-06-02
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-05-31
Updated
2023-06-06
In Moov signedxml through 1.0.0, parsing the raw XML (as received) can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack (aka XSW).
Max CVSS
9.1
EPSS Score
0.12%
Published
2023-05-30
Updated
2023-06-07
imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus (for example) an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-05-30
Updated
2023-06-07
A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-05-30
Updated
2023-08-31
A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.
Max CVSS
9.8
EPSS Score
0.39%
Published
2023-05-30
Updated
2023-08-31
A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).
Max CVSS
5.5
EPSS Score
0.05%
Published
2023-05-30
Updated
2024-02-22
Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened the admin console and navigated to the history page, the document name was injected as unescaped HTML and executed as a script inside the context of the admin console. The administrator JSON web token (JWT) used for the websocket connection could be leaked through this flaw. Users should upgrade to Collabora Online 22.05.13 or higher; Collabora Online 21.11.9.1 or higher; Collabora Online 6.4.27 or higher to receive a patch.
Max CVSS
8.7
EPSS Score
0.05%
Published
2023-05-31
Updated
2023-06-08
The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties.
Max CVSS
7.4
EPSS Score
0.08%
Published
2023-05-24
Updated
2023-06-01
Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol.
Max CVSS
5.9
EPSS Score
0.08%
Published
2023-05-24
Updated
2023-06-01
Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-05-24
Updated
2023-06-01
Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows attackers to cause a denial of service (repeated application crashes) via a series of long messages to a contact.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-05-24
Updated
2023-06-01
2420 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!