| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_password endpoint. |
| Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption. |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system's resources and create a denial of service condition. |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration. |
| liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. This vulnerability is fixed in 0.12.0. |
| Race condition vulnerability in the virtualization base module. Successful exploitation of this vulnerability may affect the confidentiality and integrity of the virtualization graphics module. |
| Authentication management vulnerability in the ArkWeb module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Status verification vulnerability in the lock screen module.
Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. |
| Binding authentication bypass vulnerability in the devicemanager module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Out-of-bounds write vulnerability in the skia module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Permission control vulnerability in the distributed clipboard module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Out-of-bounds read vulnerability in the devicemanager module.
Impact: Successful exploitation of this vulnerability may affect availability. |
| Iterator failure issue in the multi-mode input module.
Impact: Successful exploitation of this vulnerability may cause iterator failures and affect availability. |
| Deserialization vulnerability of untrusted data in the ability module.
Impact: Successful exploitation of this vulnerability may affect availability. |
| Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Server Side Request Forgery.This issue affects Pik Online: before 3.1.5. |
| Authorization Bypass Through User-Controlled Key vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Exploitation of Trusted Identifiers.This issue affects Pik Online: before 3.1.5. |
| A vulnerability has been found in Intelbras InControl up to 2.21.58 and classified as problematic. This vulnerability affects unknown code of the file /v1/usuario/ of the component Registered User Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.59 is able to address this issue. It is recommended to upgrade the affected component. |
| snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux. Snowflake fixed the issue in version 2.0.2. |
| Unexpected injection event vulnerability in the multimodalinput module.
Impact: Successful exploitation of this vulnerability may affect availability. |
| Race condition vulnerability in the kernel file system module.
Impact: Successful exploitation of this vulnerability may affect availability. |
