Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2023-07-25 CVE-2023-38496 Unspecified vulnerability in Lfprojects Apptainer 1.2.0
Apptainer is an open source container platform.
local
low complexity
lfprojects
3.3
2023-07-25 CVE-2023-37361 SQL Injection vulnerability in Vanderbilt Redcap
REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.
network
low complexity
vanderbilt CWE-89
2.7
2023-07-21 CVE-2023-25840 Unspecified vulnerability in Esri Arcgis Server 10.8.1/10.9.0/10.9.1
There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser.
network
low complexity
esri
3.4
2023-07-21 CVE-2023-3803 Unrestricted Upload of File with Dangerous Type vulnerability in Cdwanjiang Flash Flood Disaster Monitoring and Warning System 2.0
A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0.
network
high complexity
cdwanjiang CWE-434
3.7
2023-07-20 CVE-2023-3072 Missing Authorization vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results.
network
low complexity
hashicorp CWE-862
3.8
2023-07-20 CVE-2023-3299 Exposure of Resource to Wrong Sphere vulnerability in Hashicorp Nomad
HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results.
network
low complexity
hashicorp CWE-668
2.7
2023-07-19 CVE-2023-3674 A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason.
local
low complexity
keylime fedoraproject
2.8
2023-07-17 CVE-2023-3584 Incorrect Authorization vulnerability in Mattermost Server
Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme.
network
high complexity
mattermost CWE-863
3.1
2023-07-17 CVE-2023-3587 Missing Authorization vulnerability in Mattermost Server
Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions.
network
low complexity
mattermost CWE-862
2.7
2023-07-17 CVE-2023-3613 Incorrect Authorization vulnerability in Mattermost Server
Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default.
network
low complexity
mattermost CWE-863
3.5