| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. |
| The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections.Successful exploitation of this vulnerability may disconnect normal service connections. |
| The DUBAI module has a double free vulnerability. Successful exploitation of this vulnerability may affect system availability. |
| The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks.Successful exploitation of this vulnerability may cause the Bluetooth process to restart. |
| An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature.
Upgrade to Apache Sling App CMS >= 1.1.4
|
| Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions.
We recommend users to upgrade to MIME4j version 0.8.9 or later.
|
| Memory corruption due to stack-based buffer overflow in Core |
| The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog. |
| The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup) |
| A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /view_category.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer Discy WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them. |
| Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command. |
| Memory corruption in android core due to improper validation of array index while returning feature ids after license authentication. |
| Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content. |
| Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames. |
| Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame. |
| Memory corruption in Automotive due to integer overflow to buffer overflow while registering a new listener with shared buffer. |
| Memory corruption in Automotive due to improper input validation. |
| Memory corruption in kernel due to missing checks when updating the access rights of a memextent mapping. |
| Memory corruption in display due to double free while allocating frame buffer memory |
