| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause newly installed apps to fail to restart. |
| Vulnerability of configuration defects in the media module of certain products.. Successful exploitation of this vulnerability may cause unauthorized access. |
| Vulnerability of incomplete permission verification in the input method module. Successful exploitation of this vulnerability may cause features to perform abnormally. |
| Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security. |
| Input verification vulnerability in the audio module. Successful exploitation of this vulnerability may cause virtual machines (VMs) to restart. |
| Input verification vulnerability in the storage module. Successful exploitation of this vulnerability may cause the device to restart. |
| Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally. |
| Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060.
|
| SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') by an unauthenticated user |
| SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method |
|
SiberianCMS - CWE-284 Improper Access Control Authorized user may disable a security feature over the network
|
|
SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges
|
|
ForeScout NAC SecureConnector version 11.2 - CWE-427: Uncontrolled Search Path Element
|
|
A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay.
|
|
StarTrinity Softswitch version 2023-02-16 - Multiple CSRF (CWE-352)
|
|
StarTrinity Softswitch version 2023-02-16 - Open Redirect (CWE-601)
|
|
StarTrinity Softswitch version 2023-02-16 - Persistent XSS (CWE-79)
|
|
StarTrinity Softswitch version 2023-02-16 - Multiple Reflected XSS (CWE-79)
|
| Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. Version 0.3.1 contains a fix for this issue. |
| Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query `/api/0/api-tokens/` for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests. There is no evidence that the issue was exploited on `sentry.io`. For self-hosted users, it is advised to rotate user auth tokens. A fix is available in version 23.7.2 of `sentry` and `self-hosted`. There are no known workarounds. |