| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer OverFlow Vulnerability in MojoJson v1.2.3 allows an attacker to execute arbitrary code via the SkipString function. |
| In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519159; Issue ID: ALPS07519159. |
| In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519184; Issue ID: ALPS07519184. |
| The PDF Generator for WordPress plugin before 1.1.2 includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin |
| DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename. |
| Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN. |
| An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see. |
| A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server. |
| In gin-vue-admin < 2.5.5, the download module has a Path Traversal vulnerability. |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. |
| In NVS365 V01, the background network test function can trigger command execution. |
| BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate. |
| Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. |
| In wlan driver, there is a possible missing permission check. This could lead to local In wlan driver, information disclosure. |
| IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583. |
| A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack. |
| In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. |
