| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Privilege escalation vulnerability in the NMS module
Impact: Successful exploitation of this vulnerability will affect availability. |
| Business Logic Errors in GitHub repository microweber/microweber prior to 2.0. |
|
The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.
Successful exploitation of this vulnerability may allow attackers to access restricted functions.
|
| H2O included a reference to an S3 bucket that no longer existed allowing an attacker to take over the S3 bucket URL. |
| Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.
|
| libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily. |
| Business Logic Errors in GitHub repository erudika/para prior to 1.45.11. |
| Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10. |
| Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. |
| Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. |
| Use multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11. |
| Business Logic Errors in Packagist microweber/microweber prior to 1.2.11. |
| Business Logic Errors in GitHub repository publify/publify prior to 9.2.7. |
| Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5. |
| calibre-web is vulnerable to Business Logic Errors |
| Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6. |
| yetiforcecrm is vulnerable to Business Logic Errors |
| yetiforcecrm is vulnerable to Business Logic Errors |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to altar the price of an item. |
| libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake. |
