| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll. |
| Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg. |
| Memory corruption when keymaster operation imports a shared key. |
| Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition. |
| Missing Authorization vulnerability in CodeRevolution Aiomatic.This issue affects Aiomatic: from n/a through 1.9.3. |
| A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information. |
| NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of 4). |
| libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc. |
| By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force. |
| A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php. |
| Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft. |
| Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets. |
| The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL. |
| A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing. |
| A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication. |
| A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a password change request. An attacker could exploit this vulnerability by changing a specific administrator account password. A successful exploit could allow the attacker to cause the affected device to become inoperable, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.2 and prior. Cisco Bug IDs: CSCvd86586. |
| Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with concurrent user activity in the self-service portal. |
| Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function. |
| An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all parameters. |