| CVE | Vendors | Products | Updated | CVSS v3.1 |
| In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial of Service using a vulnerable regular expression. This affected Apache James prior to 3.6.1. We recommend upgrading to Apache James 3.6.1 or higher, which enforces the use of the RE2J regular expression engine to execute regex in linear time without backtracking. |
| An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint. |
| An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass. |
| An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF. |
| An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to be changed without a prompt for the current password. |
| An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution. |
| An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to remote code execution via uploaded PHP code, related to the bFilename parameter. |
| Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof). |
| The communication module has a service logic error vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. |
| There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system stability. |
| There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality. |
| There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability. |
| There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity. |
| There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. |
| There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. |
| There is a heap-based and stack-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. |
| There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability. |
| There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of this vulnerability may affect integrity. |
| There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. |
| There is an unauthorized access vulnerability in system components. Successful exploitation of this vulnerability will affect confidentiality. |