Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2023-0463 Unspecified vulnerability in Devolutions Remote Desktop Manager 2022.3.29/2022.3.30
The force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.29 to 2022.3.30 allows a user to save sensitive data on disk.
local
low complexity
devolutions
3.3
2023-01-23 CVE-2023-24069 Unspecified vulnerability in Signal Signal-Desktop
** DISPUTED ** Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory.
local
low complexity
signal
3.3
2023-01-18 CVE-2022-34399 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dell products
Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability.
local
low complexity
dell CWE-119
2.3
2023-01-18 CVE-2023-21843 Unspecified vulnerability in Oracle Graalvm, JDK and JRE
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound).
network
high complexity
oracle
3.7
2023-01-18 CVE-2023-21874 Unspecified vulnerability in Oracle Mysql Server
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling).
network
low complexity
oracle
2.7
2023-01-18 CVE-2023-21882 Unspecified vulnerability in Oracle Mysql
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
network
low complexity
oracle
2.7
2023-01-18 CVE-2023-21885 Unspecified vulnerability in Oracle VM Virtualbox
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).
local
low complexity
oracle
3.8
2023-01-18 CVE-2023-21889 Unspecified vulnerability in Oracle VM Virtualbox
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).
local
low complexity
oracle
3.8
2023-01-16 CVE-2022-4309 Cross-Site Request Forgery (CSRF) vulnerability in Subscribe2 Project Subscribe2
The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack.
network
high complexity
subscribe2-project CWE-352
3.1
2023-01-13 CVE-2023-22489 Missing Authorization vulnerability in Flarum
Flarum is a discussion platform for websites.
network
low complexity
flarum CWE-862
3.5