| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows rndismp6.sys Remote Code Execution Vulnerability |
| Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability |
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them. |
| "IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. IBM X-Force ID: 235725." |
| A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information.
|
|
Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments.
|
| Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.
|
| Fedora CoreOS supports setting a GRUB bootloader password
using a Butane config. When this feature is enabled, GRUB requires a password to access the
GRUB command-line, modify kernel command-line arguments, or boot
non-default OSTree deployments. Recent Fedora CoreOS releases have a
misconfiguration which allows booting non-default OSTree deployments
without entering a password. This allows someone with access to the
GRUB menu to boot into an older version of Fedora CoreOS, reverting
any security fixes that have recently been applied to the machine. A
password is still required to modify kernel command-line arguments and
to access the GRUB command line.
|
| OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000. |
| HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user's person record.
|
| The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers. |
|
Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL.
|
| The Yame | Link In Bio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.9.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file. |
|
An Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).
When a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts.
This issue affects both eBGP and iBGP implementations.
This issue affects:
Juniper Networks Junos OS
* 21.4 versions prior to 21.4R3-S4;
* 22.1 versions prior to 22.1R3-S3;
* 22.2 versions prior to 22.2R3-S2;
* 22.3 versions prior to 22.3R2-S2, 22.3R3;
* 22.4 versions prior to 22.4R2-S1, 22.4R3;
* 23.2 versions prior to 23.2R1, 23.2R2;
Juniper Networks Junos OS Evolved
* 21.4 versions prior to 21.4R3-S5-EVO;
* 22.1 versions prior to 22.1R3-S3-EVO;
* 22.2 versions prior to 22.2R3-S3-EVO;
* 22.3 versions prior to 22.3R2-S2-EVO;
* 22.4 versions prior to 22.4R3-EVO;
* 23.2 versions prior to 23.2R2-EVO;
|
| KHC-INVITATION-AUTOMATION is a GitHub automation script that automatically invites followers of a bot account to join your organization. In some commits on version 1.2, a vulnerability was identified where user data, including email addresses and Discord usernames, were exposed in API responses without proper access controls. This allowed unauthorized users to access sensitive user information by directly calling specific endpoints. This issue has been patched in a later commit on version 1.2. |
| A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests. |
| An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of shape. |
| Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter. |
