| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3. |
| Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10. |
| Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045. |
| An XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential information and some ability to alter data. |
| There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized local users on the machine to view the password in the process command line, e.g. with htop or ps. The specific impact varies with the privileges of the Red Hat account in question, but it could affect the integrity, availability, and/or data confidentiality of other systems that are administered by that account. This occurs regardless of how the password is supplied to convert2rhel. |
| Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including: settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected. |
| Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3. |
| The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability. |
| Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0. |
| Open Redirect in GitHub repository archivy/archivy prior to 1.7.0. |
| Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1. |
| Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9. |
| Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8. |
| When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 |
| Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1. |
| Versions affected: BIND 9.18.0. When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. |
| Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0. |
| Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8. |
| Open Redirect in Packagist microweber/microweber prior to 1.2.11. |
| Open Redirect in Packagist microweber/microweber prior to 1.2.11. |