| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
|
| A vulnerability, which was classified as problematic, was found in Code4Berry Decoration Management System 1.0. This affects an unknown part of the file /decoration/admin/user_permission.php of the component User Permission Handler. The manipulation leads to permission issues. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
|
| A vulnerability has been found in Code4Berry Decoration Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /decoration/admin/btndates_report.php of the component Between Dates Reports. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| A vulnerability was found in 115cms up to 20240807 and classified as problematic. This issue affects some unknown processing of the file /app/admin/view/web_user.html. The manipulation of the argument ks leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. |
| funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install. |
| Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly via an internet connection or proxied through a connected phone (i.e., via bluetooth). Prior to version 2.5.1, multiple weaknesses in the MQTT implementation allow for authentication and authorization bypasses resulting in unauthorized control of MQTT-connected nodes. Version 2.5.1 contains a patch. |
|
A reflected XSS vulnerability allows an open redirect when the victim clicks a malicious link to an error page on
Sophos Email Appliance
older than version 4.5.3.4.
|
| In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In flv extractor, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed |
| In Gnss service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed |
| In sysui, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed |
| In telecom service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed |
| In decoder, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08016659; Issue ID: ALPS08016659. |
| An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time.
See product Instruction Manual Appendix A dated 20230830 for more details.
|
| Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip.
Vulnerability found on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022. |
| In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed |
