| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Transient DOS in Multi-Mode Call Processor while processing UE policy container. |
| Memory corruption in Core Services while executing the command for removing a single event listener. |
| Transient DOS while decoding message of size that exceeds the available system memory. |
| Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. |
| Memory Corruption in Core during syscall for Sectools Fuse comparison feature. |
| ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability. This vulnerability allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the implementation of the GetErrorResponse method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to relay NTLM credentials in the context of the current user. Was ZDI-CAN-25834. |
| IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. |
| A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device. The attacker must authenticate with valid administrator credentials.
This vulnerability is due to insufficient validation of XML configuration files by an affected device. An attacker could exploit this vulnerability by uploading a crafted XML configuration file. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges. |
| An issue in hMailServer v.5.8.6 allows a local attacker to obtain sensitive information via the hmailserver/installation/hMailServerInnoExtension.iss and hMailServer.ini components. |
| Unified Automation UaGateway OPC UA Server Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. User interaction is required to exploit this vulnerability in that the target must choose to accept a client certificate.
The specific flaw exists within the processing of client certificates. The issue results from the lack of proper validation of certificate data. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20494. |
| VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition. |
| A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.
This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device. |
| An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. This allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the searched term." |
| Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL validation using the `startswith()` method, which can be bypassed through URL username injection. This allows attackers to craft URLs that appear to be from YouTube but resolve to malicious domains, potentially leading to phishing attacks, malware distribution, or data exfiltration. The issue is fixed in version 4.52.1. |
| A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts.
This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow an attacker to determine which usernames are valid LDAP user accounts. |
| An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive authentication information. |
| An issue in Aver PTC310UV2 v.0.1.0000.59 allows a remote attacker to obtain sensitive information via a crafted request |
| A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device.
The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to overwrite or list arbitrary files on the affected device.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. |
| A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To successfully exploit this vulnerability, the attacker does not need to be associated with the affected AP. This vulnerability cannot be exploited by sending IPv6 packets. |
| A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application.
The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability. |
