| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| vim is vulnerable to Use After Free |
| semver-regex is vulnerable to Inefficient Regular Expression Complexity |
| An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified firmware. |
| Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker. |
| An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password. |
| A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same network to perform a denial-of-service attack against the device. |
| An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages. |
| An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device. |
| A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to backend Hubble services. |
| A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range. |
| yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. |
| peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later. |
| vim is vulnerable to Heap-based Buffer Overflow |
| nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity |
| showdoc is vulnerable to Cross-Site Request Forgery (CSRF) |
| showdoc is vulnerable to Cross-Site Request Forgery (CSRF) |
| A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. |
