| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross Site Scripting vulnerability found in TeaCMS storage allows attacker to cause a leak of sensitive information via the article title parameter. |
| io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. (bnb-chain/tss-lib and thorchain/tss are also affected.) |
| io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go. (bnb-chain/tss-lib and thorchain/tss are also affected.) |
| In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user with access to Flowmon Packet Investigator could leverage a path-traversal vulnerability to retrieve files on the Flowmon appliance's local filesystem. |
| A vulnerability within the Avira network protection feature allowed an attacker with local execution rights to cause an overflow. This could corrupt the data on the heap and lead to a denial-of-service situation.
Issue was fixed with Endpointprotection.exe version 1.0.2303.633 |
| Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. |
| Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked. |
| Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the recovery/install/ URI. |
| An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session id, context, or random nonce in the generation of the challenge. This could allow a malicious user or an eavesdropper to replay a valid proof sent in the past. |
| Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client. |
| Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords. |
| An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source and destination shows the INSTALLED state without any flow rule. Improper handling of such an intent is misleading to a network operator. |
| An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper handling of such port numbers causes inconsistency between intent and flow rules in the network. |
| Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| Stargate-Bukkit is a mod for the minecraft video game which adds a portal focused environment. In affected versions Minecarts with chests will drop their items when teleporting through a portal; when they reappear, they will still have their items impacting the integrity of the game world. The teleport code has since been rewritten and is available in release `0.11.5.1`. Users are advised to upgrade. There are no known workarounds for this issue. |
| When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QODE Interactive Qi Addons For Elementor allows PHP Local File Inclusion.This issue affects Qi Addons For Elementor: from n/a through 1.6.3. |
| Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. |
| Missing Authorization vulnerability in Merv Barrett Easy Property Listings.This issue affects Easy Property Listings: from n/a through 3.5.3. |
|
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that
could cause denial of service of the controller when a malicious project file is loaded onto the
controller by an authenticated user.
|
