| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs discountcode parameter. |
| NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet. |
| NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject. |
| NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet. |
| NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet. |
| core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode. |
| Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. |
| Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent. |
| Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent. |
| An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure. |
| 1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key. |
| LMA ISIDA Retriever 5.2 allows SQL Injection. |
| LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text']. |
| HEVC Video Extensions Remote Code Execution Vulnerability |
| Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows Win32k Elevation of Privilege Vulnerability |
| Windows UPnP Device Host Elevation of Privilege Vulnerability |
| Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows DNS Server Remote Code Execution Vulnerability |
| Windows DNS Server Denial of Service Vulnerability |
