| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable.
|
| An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform. |
| BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion. |
| A vulnerability has been identified in SIMOTION C240 (All versions >= V5.4 < V5.5 SP1), SIMOTION C240 PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D445-2 DP/PN (All versions >= V5.4), SIMOTION D445-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D455-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION P320-4 E (All versions >= V5.4), SIMOTION P320-4 S (All versions >= V5.4). When operated with Security Level Low the device does not protect access to certain services relevant for debugging. This could allow an unauthenticated attacker to extract confidential technology object (TO) configuration from the device. |
| Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream plugin <= 4.4.10 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in Passionate Brains Add Expires Headers & Optimized Minify plugin <= 2.7 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.3 versions. |
| Server-Side Request Forgery (SSRF) vulnerability in Darren Cooney Instant Images plugin <= 5.1.0.2 versions. |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <= 2.8.0 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <= 2.1.4 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. Blog Floating Button plugin <= 1.4.12 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lannoy / PerfOps One DecaLog plugin <= 3.7.0 versions. |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Grant Kimball Simple Vimeo Shortcode plugin <= 2.9.1 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE New Adman plugin <= 1.6.8 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gl_SPICE New Adman plugin <= 1.6.8 versions. |
