Skip to main content
CVE-2023-27285 HIGH PATCH This Week

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE IBM Aspera Cargo Aspera Connect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-24510 HIGH This Week

On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-31893 HIGH This Week

Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Brasil Vivo Play Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-22862 HIGH PATCH This Week

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Aspera Cargo Aspera Connect
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-27989 MEDIUM PATCH This Month

A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Zyxel Lte7480 M804 Firmware Lte7490 M904 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-32766 MEDIUM PATCH This Month

Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Gitpod
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-27861 MEDIUM This Month

IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Maximo Application Suite
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-33524 MEDIUM This Month

Advent/SSC Inc. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Tamale Rms
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-34410 MEDIUM PATCH This Month

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Fedora Qt
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-32334 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Maximo Application Suite Maximo Asset Management
NVD
CVSS 3.1
5.3
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy