Vulnerabilities > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-27 | CVE-2023-22636 | Unspecified vulnerability in Fortinet FortiWeb: An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted HTTP request. | 3.3 |
2023-02-24 | CVE-2023-0481 | Exposure of Resource to Wrong Sphere vulnerability in Quarkus: In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user. | 3.3 |
2023-02-23 | CVE-2022-3219 | Out-of-bounds Write vulnerability in GnuPG: GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB. | 3.3 |
2023-02-20 | CVE-2022-48321 | Server-Side Request Forgery (SSRF) vulnerability in Checkmk 2.1.0: Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API. | 3.3 |
2023-02-19 | CVE-2023-0919 | Unspecified vulnerability in Kavitareader Kavita: Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0. | 3.5 |
2023-02-16 | CVE-2022-29054 | Unspecified vulnerability in Fortinet FortiOS and FortiProxy: A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it. | 3.3 |
2023-02-16 | CVE-2022-48307 | Improper Certificate Validation vulnerability in Palantir Magritte-Ftp: It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. | 3.7 |
2023-02-16 | CVE-2022-48308 | Improper Certificate Validation vulnerability in Palantir Sls-Logging: It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. | 3.7 |
2023-02-15 | CVE-2023-23847 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Synopsys Coverity: A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 3.5 |
2023-02-14 | CVE-2023-23934 | Unspecified vulnerability in Palletsprojects Werkzeug: Werkzeug is a comprehensive WSGI web application library. | 3.5 |