| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| There is a SQL injection in the PHPSHE 1.6 userbank parameter. |
| Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter. |
| Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the 'set Diagnostics_Entry' function in an HTTP request, related to /userfs/bin/tcapi. |
| ClientServiceConfigController.cs in Enghouse Cloud Contact Center Platform 7.2.5 has functionality for loading external XML files and parsing them, allowing an attacker to upload a malicious XML file and reference it in the URL of the application, forcing the application to load and parse the malicious XML file, aka an XXE issue. |
| An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands. |
| A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server. |
| An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A "data:text/html;base64," payload can be used with JavaScript code. |
| The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation. |
| The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW. |
| The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW. |
| The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3. |
| The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. |
| The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1. |
| The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. |
| Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload. |
| Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter. |
| Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter. |
| Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter. |
| Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter. |
| Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. |
