HackAndPwn
Security & Vulnerability Researcher / Professional Penetration Tester


  • CVE-2023-45883

    A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM.


  • CVE-2023-0010

    A reflected cross-site scripting vulnerability exists in the Captive Portal feature of Palo Alto Networks PAN-OS software. This issue applies to firewalls configured to use Captive Portal authentication, and on PAN-OS 10.0 and later only when default token generation for Captive Portal authentication is disabled.


  • CVE-2023-31200

    PTC Vuforia Studio before 9.9 contains a cross-site request forgery vulnerability. The local web application does not require a token, which could allow an attacker with local access to perform a CSRF or replay attack.


  • CVE-2023-29502

    PTC Vuforia Studio before 9.9 contains a path traversal vulnerability. Before importing a project into Vuforia, a user could modify the resourceDirectory attribute in the appConfig.json file to use a different path.


  • CVE-2023-29168

    PTC Vuforia Studio before 9.9 contains an insufficiently protected credentials vulnerability. The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication.


