| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server. |
| An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. |
| AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended security configuration parameter "unique_error_numbers" is not set, remote attackers can inject arbitrary web script or HTML via 'action, cargo, panel' parameters that can lead to data leakage. |
| An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker with local code execution privileges as a normal user (MAINAPP) can escalate to root privileges by exploiting the setuid installation of the xtables-multi binary and leveraging the ip6tables --modprobe switch. |
| An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of Sale application developer and distributor. The signature is a 2048-byte RSA signature verified in the kernel prior to ELF execution. Shared libraries, however, do not need to be signed, and they are not verified. An attacker may execute a custom binary by compiling it as a shared object and loading it via LD_PRELOAD. |
| An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions. |
| MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL. |
| ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature. |
| The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs because the ALG takes action based on an IP packet with an initial REGISTER substring in the TCP data, and the correct intranet IP address in the subsequent Via header, without properly considering that connection progress and fragmentation affect the meaning of the packet data. |
| WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. |
| is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. |
| WordPress before 5.5.2 allows stored XSS via post slugs. |
| is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation). |
| wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. |
| WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. |
| WordPress before 5.5.2 allows XSS associated with global variables. |
| WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. |
| WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. |
| eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF printing by authenticated users. |
| In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. |
