An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
There is no BIOS password on the FACSChorus workstation. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The FACSChorus software contains sensitive information stored in plaintext. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
OroCommerce package with customer portal and non authenticated visitor website base features. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested. Rated low severity (CVSS 3.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The FACSChorus software does not properly assign data access privileges for operating system user accounts. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.