| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| MediaKind (formerly Ericsson) RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the "path" or "Services+ID" parameters and send the URL to a user in order to exploit reflected XSS. In the case of stored XSS, an attacker must modify the "name" parameter with the malicious code. |
| A cross site scripting (XSS) vulnerability in /admin.php?page=permalinks of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. |
| A stored cross site scripting (XSS) vulnerability in /admin.php?page=tags of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. |
| A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information. |
| A SQL injection vulnerability in /oa.php?c=Staff&a=read of Find a Place LJCMS v 1.3 allows attackers to access sensitive database information via a crafted POST request. |
| A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code. |
| jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used with un-trusted data |
| Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg. |
| SUPERAntispyware v8.0.0.1050 was discovered to contain an issue in the component saskutil64.sys. This issue allows attackers to arbitrarily write data to the device via IOCTL 0x9C402140. |
| The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precision XOC version v6.2.7 were discovered to be configured with the default security descriptor which allows attackers to access sensitive components and data. |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c. |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c. |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c. |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c. |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c. |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c. |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c. |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c. |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c. |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc. |
