| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
| Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php. |
| python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. |
| The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. |
| Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/categories.php |
| The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability. |
| Vulnerability of residual files not being deleted after an update in the ChinaDRM module. Successful exploitation of this vulnerability may affect availability. |
| The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity. |
| HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information. |
| ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions. |
| Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability. |
| Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrect operations. |
| The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash. |
| The audio module has a vulnerability in verifying the parameters passed by the application space.Successful exploitation of this vulnerability may cause out-of-bounds memory access. |
| The Property module has a vulnerability in permission control.This vulnerability can be exploited to obtain the unique device identifier. |
| In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses. |
| The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting |
| The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting |
| The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting |
| Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information. |
