Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PrestaShop is an open source e-commerce web application. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
ABB is aware of vulnerabilities in the product versions listed below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
ABB is aware of vulnerabilities in the product versions listed below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
In DRM/oemcrypto, there is a possible out of bounds write due to an incorrect calculation of buffer size.This could lead to remote escalation of privilege with System execution privileges needed. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In wlan service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In wlan service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In wlan service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In wlan service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In IOMMU, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In vdec, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In OPTEE, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In dpe, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In hcp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In camera middleware, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In keyinstall, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In keyinstall, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
In imgsys, there is a possible memory corruption due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible memory corruption due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible system crash due to a mssing ptr check. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In imgsys, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In thermal, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In thermal, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In audio, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.4). No vendor patch available.
PrestaShop is an open source e-commerce web application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A flaw was found in the Linux kernel's TUN/TAP functionality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In vowifi service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In ims service, there is a possible missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Contacts Service, there is a possible missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.
In wlan service, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In wlan service, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.