1671
|
5.5 |
MEDIUM
Local
|
redhat fedoraproject
|
shim enterprise_linux fedora
|
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.
|
CWE-125
Out-of-bounds Read
|
CVE-2023-40550
|
2024-09-17 04:16 |
2024-01-30 |
|
1672
|
5.5 |
MEDIUM
Local
|
redhat fedoraproject
|
shim enterprise_linux fedora
|
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the i…
|
CWE-125
Out-of-bounds Read
|
CVE-2023-40549
|
2024-09-17 04:16 |
2024-01-30 |
|
1673
|
5.5 |
MEDIUM
Local
|
redhat fedoraproject
|
shim enterprise_linux fedora
|
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of par…
|
CWE-476
NULL Pointer Dereference
|
CVE-2023-40546
|
2024-09-17 04:16 |
2024-01-30 |
|
1674
|
8.3 |
HIGH
Adjacent
|
redhat
|
shim enterprise_linux
|
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malici…
|
CWE-787
Out-of-bounds Write
|
CVE-2023-40547
|
2024-09-17 04:16 |
2024-01-26 |
|
1675
|
5.5 |
MEDIUM
Local
|
solarwinds
|
solarwinds_platform
|
Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affec…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2022-47512
|
2024-09-17 04:16 |
2022-12-20 |
|
1676
|
5.4 |
MEDIUM
Network
|
solarwinds
|
orion_platform
|
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platfor…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2022-36966
|
2024-09-17 04:16 |
2022-10-21 |
|
1677
|
8.8 |
HIGH
Network
|
rdstation
|
rd_station
|
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin <= 5.2.0 at WordPress.
|
CWE-352
Origin Validation Error
|
CVE-2022-38139
|
2024-09-17 04:16 |
2022-09-13 |
|
1678
|
5.3 |
MEDIUM
Network
|
yikesinc
|
custom_product_tabs_for_woocommerce
|
Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update.
|
CWE-287
Improper Authentication
|
CVE-2022-28666
|
2024-09-17 04:16 |
2022-07-22 |
|
1679
|
7.5 |
HIGH
Network
|
codesys
|
runtime_toolkit plcwinnt plchandler opc_server edge_gateway hmi_sl sp_realtime_nt web_server gateway development_system
|
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
|
CWE-523
Unprotected Transport of Credentials
|
CVE-2022-31805
|
2024-09-17 04:16 |
2022-06-24 |
|
1680
|
7.5 |
HIGH
Network
|
suse
|
manager_server
|
A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources l…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2022-21952
|
2024-09-17 04:16 |
2022-06-22 |
|