| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality, limited impact on integrity and availability of the application.
|
| An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap.
potentially resulting in a complete loss of confidentiality, integrity, and availability.
|
| Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_packet_reasm_ip at /src/capture.c. |
| Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component parser_parse_function_statement at /jerry-core/parser/js/js-parser-statm.c. |
| Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component ecma_builtin_typedarray_prototype_sort. |
| IT Sourcecode Content Management System Project In PHP and MySQL With Source Code 1.0.0 is vulnerable to Cross Site Scripting (XSS) via /ecodesource/search_list.php. |
| Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature. |
| A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup. |
| Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to execute some critical functions without authentication, e.g., rebooting the product. |
| Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier allows a remote unauthenticated attacker to connect to the product's ADB port. |
| In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| In powerEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| In phasecheck server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| In phoneEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| In modem, there is a possible missing verification of HashMME value in Security Mode Command. This could local denial of service with no additional execution privileges. |
| In modem, there is a possible missing verification of NAS Security Mode Command Replay Attacks in LTE. This could local denial of service with no additional execution privileges. |
| There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands. |
| The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. An authenticated attacker can exploit this vulnerability to tamper with messages, inject malicious code, and subsequently launch attacks on related devices. |
| PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The vulnerability is addressed in PostgresNIO versions starting from 1.14.2. There are no known workarounds for unpatched users. |