Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-23849 PUBLISHED: 2023-02-06
Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same subdomain can set a cookie for the whole subdomain which can be used to bypass other mitigations in place for malicious purposes. CVSS:3.1/AV:N...
CVE-2022-28923 PUBLISHED: 2023-02-06
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.
CVE-2022-3229 PUBLISHED: 2023-02-06
Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of ...
CVE-2022-44617 PUBLISHED: 2023-02-06
A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.
CVE-2022-46496 PUBLISHED: 2023-02-06
BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate.