NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
There is an Input Verification Vulnerability in Huawei Smartphone. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There is a Key Management Errors Vulnerability in Huawei Smartphone. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There is an Integer Overflow Vulnerability in Huawei Smartphone. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There is a Key Management Errors Vulnerability in Huawei Smartphone. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Craft CMS before 3.6.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
There is an Information Disclosure Vulnerability in Huawei Smartphone. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There is a Defects Introduced in the Design Process Vulnerability in Huawei Smartphone. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There is a Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A component of the HarmonyOS has a Improper Privilege Management vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Huawei Smartphone. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
There is a Configuration Defect Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow could cause memory corruption, which might lead to denial of service or code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel’s tz_map_shared_mem function where an integer overflow on the size parameter causes the request buffer and the logging buffer to overflow,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There is an Input Verification Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
think-helper defines a set of helper functions for ThinkJS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There is a Permission Control Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
There is an Improper Validation of Array Index Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There is an Improper Permission Management Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There is a Security Features Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A component of the HarmonyOS has a Privilege Dropping / Lowering Errors vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calculation of a length could lead to a heap overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow might lead to denial of service or escalation of privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 10 is missing. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 11 is missing. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 9 is missing. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 5 is missing. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.