Search Results (323364 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-28933 1 Stpetedesign 1 Call Now Accessibility Button 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StPeteDesign Call Now Accessibility Button plugin <= 1.1 versions.
CVE-2023-28931 1 Never5 1 Post Connector 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Never5 Post Connector plugin <= 1.0.9 versions.
CVE-2023-28930 1 Robinphillips 1 Mobile Banner 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Robin Phillips Mobile Banner plugin <= 1.5 versions.
CVE-2023-28899 1 Skoda-auto 2 Superb 3, Superb 3 Firmware 2024-11-21 4.7 Medium
By sending a specific reset UDS request via the OBDII port of Skoda vehicles, it is possible to cause vehicle engine shutdown and denial of service of other vehicle components even when the vehicle is moving at a high speed. No safety-critical functions are affected.
CVE-2023-28898 1 Skoda-auto 2 Superb 3, Superb 3 Firmware 2024-11-21 5.3 Medium
The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to the /logs URI when the id parameter equals zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system when certain preconditions are met. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.
CVE-2023-28896 1 Preh 2 Mib3, Mib3 Firmware 2024-11-21 3.3 Low
Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.
CVE-2023-28892 1 Malwarebytes 1 Adwcleaner 2024-11-21 7.8 High
Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link.
CVE-2023-28884 1 Misp-project 1 Malware Information Sharing Platform 2024-11-21 6.1 Medium
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
CVE-2023-28876 1 Afian 1 Filerun 2024-11-21 4.3 Medium
A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users.
CVE-2023-28875 1 Afian 1 Filerun 2024-11-21 5.4 Medium
A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link.
CVE-2023-28874 1 Seafile 1 Seafile 2024-11-21 6.1 Medium
The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites.
CVE-2023-28873 1 Seafile 1 Seafile 2024-11-21 5.4 Medium
An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor.
CVE-2023-28872 1 Ncp-e 1 Secure Enterprise Client 2024-11-21 8.8 High
Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location.
CVE-2023-28871 1 Ncp-e 1 Secure Enterprise Client 2024-11-21 4.3 Medium
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link.
CVE-2023-28870 1 Ncp-e 1 Secure Enterprise Client 2024-11-21 6.5 Medium
Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts.
CVE-2023-28868 1 Ncp-e 1 Secure Enterprise Client 2024-11-21 8.1 High
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link.
CVE-2023-28864 1 Progress 1 Chef Infra Server 2024-11-21 5.5 Medium
Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.
CVE-2023-28863 1 Ami 1 Megarac Sp-x 2024-11-21 9.1 Critical
AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity.
CVE-2023-28830 1 Siemens 4 Jt2go, Solid Edge Se2022, Solid Edge Se2023 and 1 more 2024-11-21 7.8 High
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing a specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2023-28823 1 Intel 29 Advisor For Oneapi, Cpu Runtime For Opencl Applications, Distribution For Python Programming Language and 26 more 2024-11-21 6.7 Medium
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access.