Show filters
75 Total Results
Displaying 21-30 of 75
Sort by:
Attacker Value
Unknown

CVE-2023-28507

Disclosure Date: March 29, 2023 (last updated October 08, 2023)
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a memory-exhaustion issue, where a decompression routine will allocate increasing amounts of memory until all system memory is exhausted and the forked process crashes.
Attacker Value
Unknown

CVE-2023-28506

Disclosure Date: March 29, 2023 (last updated October 08, 2023)
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow, where a string is copied into a buffer using a memcpy-like function and a user-provided length. This requires a valid login to exploit.
Attacker Value
Unknown

CVE-2023-28505

Disclosure Date: March 29, 2023 (last updated October 08, 2023)
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a buffer overflow in an API function, where a string is copied into a caller-provided buffer without checking the length. This requires a valid login to exploit.
Attacker Value
Unknown

CVE-2023-28504

Disclosure Date: March 29, 2023 (last updated October 08, 2023)
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow that can lead to remote code execution as the root user.
Attacker Value
Unknown

CVE-2023-28503

Disclosure Date: March 29, 2023 (last updated October 08, 2023)
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user.
Attacker Value
Unknown

CVE-2023-28502

Disclosure Date: March 29, 2023 (last updated October 08, 2023)
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow in the "udadmin" service that can lead to remote code execution as the root user.
Attacker Value
Unknown

CVE-2023-28501

Disclosure Date: March 29, 2023 (last updated October 08, 2023)
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based buffer overflow in the unirpcd daemon that, if successfully exploited, can lead to remote code execution as the root user.
Attacker Value
Unknown

CVE-2021-27788

Disclosure Date: March 10, 2023 (last updated November 08, 2023)
HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability.  By tricking a user into clicking a crafted URL, a remote unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.
Attacker Value
Unknown

CVE-2022-42268

Disclosure Date: January 13, 2023 (last updated November 08, 2023)
Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. These applications allow executable Python code to be embedded in Universal Scene Description (USD) files to customize all aspects of a scene. If a user opens a USD file that contains embedded Python code in one of these applications, the embedded Python code automatically runs with the privileges of the user who opened the file. As a result, an unprivileged remote attacker could craft a USD file containing malicious Python code and persuade a local user to open the file, which may lead to information disclosure, data tampering, and denial of service.
Attacker Value
Unknown

CVE-2022-45384

Disclosure Date: November 15, 2022 (last updated February 24, 2025)
Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.