CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
500f, 500f_firmware, 7-mode_transition_tool, 8300, 8300_firmware, 8700, 8700_firmware, A220, A220_firmware, A250
2023-01-05
N/A
8.1 HIGH
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. The vulnerability affects Incapptic Connect version < 1.40.1.
An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions.
A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control all connected UA devices. This vulnerability is fixed in Version 3.8.31.13 and later.
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
Xps_7390_firmware, Xps_7390, Emc_integrated_data_protection_appliance_firmware, Emc_idpa_dp4400, Emc_idpa_dp5800, Emc_idpa_dp8300, Emc_idpa_dp8800, Emc_vnx2_firmware, Emc_vnx2, Chengming_3967_firmware
2022-02-16
N/A
5.1 MEDIUM
Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient verification of data authenticity vulnerability. An authenticated malicious user may exploit this vulnerability in order to install modified BIOS firmware.
Xps_7390_firmware, Xps_7390, Emc_integrated_data_protection_appliance_firmware, Emc_idpa_dp4400, Emc_idpa_dp5800, Emc_idpa_dp8300, Emc_idpa_dp8800, Emc_vnx2_firmware, Emc_vnx2, Chengming_3967_firmware
2022-02-16
N/A
7.2 HIGH
Select Dell Client Commercial and Consumer platforms contain a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.
Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. An authenticated and privileged user could potentially exploit this vulnerability, leading to disclosure or modification of sensitive data.
Dell EMC Unity versions before 5.2.0.0.5.173 , use(es) broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.
Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes.
