Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting via the Create Shopping List module, that is rendered upon deleting that Shopping List. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.
In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.
In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
In ~AACExtractor() of AACExtractor.cpp, there is a possible out of bounds write due to uninitialized data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Rated medium severity (CVSS 6.4). No vendor patch available.
Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates and private keys were not excluded from logging. Rated medium severity (CVSS 6.3).
Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IProom MMC+ Server login page does not validate specific parameters properly. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.
In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In setNotification of SapServer.java, there is a possible permission bypass due to a PendingIntent error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.
In showDataRoamingNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In updateMwi of NotificationMgr.java, there is a possible permission bypass due to a PendingIntent error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In onWnmFrameReceived of PasspointManager.java, there is a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In getCarrierPrivilegeStatus of UiccAccessRule.java, there is a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList". Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.