CVE-2023-34358: ASUS RT-AX88U - Out-of-bounds Read - 1

ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to a device which contains a specific user agent, causing the httpd binary to crash during a string comparison performed within web.c, resulting in a DoS condition.

CVE-2023-34359: ASUS RT-AX88U - Out-of-bounds Read - 2

ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to the device which causes the httpd binary to crash within the "do_json_decode()" function of ej.c, resulting in a DoS condition.

CVE-2023-22595: Security Bulletin: IBM B2B Advanced Communication is vulnerable to cross-site scripting (CVE-2023-22595)

IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244076.

CVE-2020-4868: IBM TRIRIGA information disclosure CVE-2020-4868 Vulnerability Report

IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744.

CVE-2023-24971: IBM B2B Advanced Communications denial of service CVE-2023-24971 Vulnerability Report

IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. IBM X-Force ID: 246976.

CVE-2023-4007: fix: added missing conversion to HTML entities · thorsten/phpMyFAQ@40eb968

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.

CVE-2023-4006: huntr – Security Bounties for any GitHub repository

Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.

CVE-2023-35019: Security Bulletin: IBM Security Verify Governance

IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873.

CVE-2022-43831: Security Bulletin: A vulnerability in IBM Storage Scale Container Native that could allow a local user to obtain escalated privileges on a host (CVE-2022-43831)

IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.6.1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X-Force ID: 238941.

CVE-2023-4005: Invalidate existing sessions during PW reset (#1435) · FOSSBilling/FOSSBilling@20c23b0

Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.