Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-02-07 CVE-2023-43017 Improper Certificate Validation vulnerability in IBM Security Verify Access
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access.
network
low complexity
ibm CWE-295
7.2
2024-02-07 CVE-2023-47700 Improper Certificate Validation vulnerability in IBM Storage Virtualize 8.6
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server.
network
low complexity
ibm CWE-295
7.5
2024-02-07 CVE-2024-20252 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Expressway 14.0/14.0.7
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device.
network
low complexity
cisco CWE-352
8.8
2024-02-07 CVE-2024-20254 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Expressway 14.0/14.0.7
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device.
network
low complexity
cisco CWE-352
8.8
2024-02-07 CVE-2024-20255 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Expressway 14.0/14.0.7
A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system.
network
low complexity
cisco CWE-352
7.1
2024-02-07 CVE-2024-20290 Out-of-bounds Read vulnerability in multiple products
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read.
network
low complexity
cisco fedoraproject CWE-125
7.5
2024-02-07 CVE-2024-23806 Improper Authentication vulnerability in Hidglobal products
Sensitive data can be extracted from HID iCLASS SE reader configuration cards.
low complexity
hidglobal CWE-287
5.3
2024-02-07 CVE-2024-24563 Improper Validation of Array Index vulnerability in Vyperlang Vyper
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine.
network
low complexity
vyperlang CWE-129
critical
9.8
2024-02-07 CVE-2024-24706 Cross-Site Request Forgery (CSRF) vulnerability in Forumone Wp-Cfm
Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm. This issue affects WP-CFM: from n/a through 1.7.8.
network
low complexity
forumone CWE-352
4.3
2024-02-07 CVE-2024-24816 Cross-site Scripting vulnerability in Ckeditor
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.
network
low complexity
ckeditor CWE-79
6.1