| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Vulnerability of input parameters being not strictly verified in the RSMC module.
Impact: Successful exploitation of this vulnerability may cause out-of-bounds write. |
| Permission control vulnerability in the Bluetooth module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| A vulnerability, which was classified as critical, was found in PHPGurukul Pre-School Enrollment System up to 1.0. Affected is an unknown function of the file /admin/profile.php. The manipulation of the argument fullname/emailid/mobileNumber leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
| Race condition vulnerability in the Wi-Fi module.
Impact: Successful exploitation of this vulnerability will affect availability. |
| Input verification vulnerability in the power module.
Impact: Successful exploitation of this vulnerability will affect availability. |
| Vulnerability of data verification errors in the kernel module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Permission verification vulnerability in the system module.
Impact: Successful exploitation of this vulnerability will affect availability. |
| Vulnerability of file path verification being bypassed in the email module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Vulnerability of undefined permissions in the Calendar app.
Impact: Successful exploitation of this vulnerability will affect availability. |
| Vulnerability of data verification errors in the kernel module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Vulnerability of data verification errors in the kernel module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Permission verification vulnerability in the system module.
Impact: Successful exploitation of this vulnerability will affect availability. |
| Vulnerability of package name verification being bypassed in the HwIms module.
Impact: Successful exploitation of this vulnerability will affect availability. |
| Permission verification vulnerability in the Settings module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Authentication vulnerability in the API for app pre-loading.
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| A vulnerability classified as problematic has been found in StarSea99 starsea-mall 1.0. This affects an unknown part of the file /admin/carousels/save. The manipulation of the argument redirectUrl leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). |
| A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127. |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setVpnAccountCfg. |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "pass" parameter in setVpnAccountCfg. |
