Skip to main content
CVE-2023-29409 MEDIUM PATCH This Month

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Go
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2023-38330 MEDIUM This Month

OXID eShop Enterprise Edition 6.5.0 - 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Eshop
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-31927 MEDIUM This Month

An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brocade Fabric Operating System
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-36494 MEDIUM This Month

Audit logs on F5OS-A may contain undisclosed sensitive information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure F5Os A
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-38419 MEDIUM This Month

An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +16
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-26430 MEDIUM This Month

Attackers with access to user accounts can inject arbitrary control characters to SIEVE mail-filter rules. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Open Xchange Appsuite Backend
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-3426 MEDIUM PATCH This Month

The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-2022 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-1210 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-4016 LOW Monitor

Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Procps Fedora
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-26442 LOW Monitor

In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.

SSRF Open Xchange Appsuite Office
NVD
CVSS 3.1
3.2
EPSS
0.3%
CVE-2023-26438 LOW Monitor

External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Open Xchange Appsuite Backend
NVD
CVSS 3.1
3.1
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy