Multiple issues were addressed with improved logic. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
A race condition was addressed with additional validation. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
A race condition was addressed with improved locking. Rated high severity (CVSS 7.0). No vendor patch available.
Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved iframe sandbox enforcement. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A port redirection issue was addressed with additional port validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved iframe sandbox enforcement. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
wire-webapp is an open-source front end for Wire, a secure collaboration platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.
Jamf Pro before 10.28.0 allows XSS related to inventory history, aka PI-009376. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This issue was addressed by improved management of object lifetimes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A path handling issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The issue was addressed with improved permissions logic. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An out-of-bounds read issue existed that led to the disclosure of kernel memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A privacy issue existed in the handling of Contact cards. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read issue existed in the curl. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A memory corruption issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A memory initialization issue was addressed with improved memory handling. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Wyse Management Suite versions up to 3.2 contains a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue has been discovered in GitLab CE/EE affecting all previous versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The issue was addressed with improved permissions logic. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.