Security Vulnerabilities
- CVEs Published In May 2023
Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances.
OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances.
SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) via index.php.
redis v7.0.10 was discovered to contain a segmentation violation. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
Compiler removal of buffer clearing in
sli_se_driver_key_agreement
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
Compiler removal of buffer clearing in
sli_se_opaque_import_key
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file.
Compiler removal of buffer clearing in
sli_crypto_transparent_aead_encrypt_tag
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
Compiler removal of buffer clearing in
sli_crypto_transparent_aead_decrypt_tag
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.