CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
Pan-os, Pa-7050, Pa-7080, Bridgecrew_checkov, Content_update330, Cortex_xdr_agent, Cortex_xsoar, Demisto, Expedition, Expedition_migration_tool
2023-02-18
N/A
6.5 MEDIUM
A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.
Pan-os, Pa-7050, Pa-7080, Bridgecrew_checkov, Content_update330, Cortex_xdr_agent, Cortex_xsoar, Demisto, Expedition, Expedition_migration_tool
2023-02-18
N/A
7.8 HIGH
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.
Pan-os, Pa-7050, Pa-7080, Bridgecrew_checkov, Content_update330, Cortex_xdr_agent, Cortex_xsoar, Demisto, Expedition, Expedition_migration_tool
2023-02-18
N/A
6.7 MEDIUM
An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.
Adequate, Advanced_package_tool, Amaya, Apache2, Apt, Apt-cacher, Aptlinex, Apt-listchanges, Apt-setup, Axiom, 389_administration_server, 389_directory_server, Anaconda, Arm_installer, Atomic, Commons, Coolkey, Crypto-utils, Dracut, Extra_packages_for_enterprise_linux, Leap, Libzypp, Rmt-server, Autoyast2, Cryptctl, Osc, Factory, Munge, Munin, Pcp, Jboss_core_services, Enterprise_linux, Jboss_enterprise_application_platform, Enterprise_linux_server, Jboss_amq_clients_2, Openstack, Virtualization, Virtualization_host, Single_sign-on, Openshift_container_platform, Jitterbug, Ppp, Rsync, Samba_server, Volume_service
2023-02-03
N/A
6.5 MEDIUM
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.
Bson, C#_driver, Compass, Database_tools, Go_driver, Java_driver, Js-bson, Kubernetes_operator, Libbson, Libmongocrypt
2023-02-03
N/A
6.5 MEDIUM
A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc7; v4.2 versions prior to 4.2.8; v4.0 versions prior to 4.0.19.
Logo!8_bm_firmware, Logo!8_bm, Cp1604_firmware, Cp1604, Cp1616_firmware, Cp1616, Dk_standard_ethernet_controller_firmware, Dk_standard_ethernet_controller, Ek-ertec_200_firmware, Ek-ertec_200
2023-02-03
N/A
5.4 MEDIUM
A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2), Opcenter Execution Core (V8.2). An authenticated user with the ability to create containers, packages or register defects could perform stored Cross-Site Scripting (XSS) attacks within the vulnerable software. The impact of this attack could result in the session cookies of legitimate users being stolen. Should the attacker gain access to these cookies, they could then hijack the session and perform arbitrary actions in the name of the victim.
Adequate, Advanced_package_tool, Amaya, Apache2, Apt, Apt-cacher, Aptlinex, Apt-listchanges, Apt-setup, Axiom, 389_administration_server, 389_directory_server, Anaconda, Arm_installer, Atomic, Commons, Coolkey, Crypto-utils, Dracut, Extra_packages_for_enterprise_linux, Go, Crypto, H2c, Hpack, Http2, Net, Package_ssh, Protobuf, Ssh, Text, Leap, Libzypp, Rmt-server, Autoyast2, Cryptctl, Osc, Factory, Munge, Munin, Pcp
2023-02-03
N/A
7.5 HIGH
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
Boundary, Consul, Consul_docker_image, Consul_template, Go-getter, Go-slug, Nomad, Packer, Sentinel, Terraform
2023-02-03
N/A
9.8 CRITICAL
HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.
2023-02-03
N/A
5.3 MEDIUM
A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
2023-02-03
N/A
5.3 MEDIUM
Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.