| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious javascript payload via POST request when sending an invitation. |
| Cross-Site Scripting vulnerability
in BuddyBoss 2.2.9 version
, which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is loaded.
|
| Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification (id). |
| Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in version 2.53.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
| Improper authorization in some Intel Battery Life Diagnostic Tool installation software before version 2.2.1 may allow a privilaged user to potentially enable escalation of privilege via local access. |
| Improper authentication in some Intel(R) NUC Kits NUC7PJYH and NUC7CJYH Realtek* SD Card Reader Driver installation software before version 10.0.19041.29098 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Uncontrolled search path in some Intel(R) NUC Kit NUC6i7KYK Thunderbolt(TM) 3 Firmware Update Tool installation software before version 46 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Unquoted search path in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
Weintek Weincloud v0.13.6
could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses.
|
| Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Path transversal in some Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installatio software before version 1.0.10.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks.
|
| Improper validation of specified type of input for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| Improper access control in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Uncontrolled search path element in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Protection mechanism failure for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| Insufficient adherence to expected conventions for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access. |
| Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. |
| Incorrect default permissions in some Intel Arc RGB Controller software before version 1.06 may allow an authenticated user to potentially enable escalation of privilege via local access. |