| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. |
| After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. |
| When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. |
| IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 255828. |
| Cross-site Scripting (XSS) - Reflected in GitHub repository mkucej/i-librarian-free prior to 5.10.4. |
| Initial xbl_sec revision does not have all the debug policy features and critical checks. |
| On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder. |
| Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected products and versions include: Download Center 1.1.5.r1280 and below. |
| Buffer overwrite in the WLAN host driver by leveraging a compromised WLAN FW |
| EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below. |
| In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation. |
| In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible |
| A race condition exists in a driver potentially leading to a use-after-free condition. |
| Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user. |
| An image with a version lower than the fuse version may potentially be booted lead to improper authentication. |
|
Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity.
|
| In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API |
| In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible |
| In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible |
| In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases |
