| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error.
The whole application in rendered unusable until a console intervention. |
| A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to remote code execution. An attacker can send a network request to trigger this vulnerability. |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Muneeb Form Builder | Create Responsive Contact Forms.This issue affects Form Builder | Create Responsive Contact Forms: from n/a through 1.9.9.0.
|
| A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, FortiWeb 6.4 all versions, FortiWeb 6.2 all versions, FortiWeb 6.1 all versions allows attacker to escalation of privilege via specifically crafted arguments to existing commands. |
| A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files. |
| A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet FortiWeb 6.4 all versions allows attacker to escalation of privilege via specifically crafted HTTP requests. |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent ( for GDPR, CCPA & ePrivacy ).This issue affects WP Cookie Consent ( for GDPR, CCPA & ePrivacy ): from n/a through 2.2.5.
|
| A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. |
| An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability. |
| Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames. |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 16.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted Bluetooth packet may result in disclosure of process memory. |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. |
|
Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak.
|
| A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors.
We have already fixed the vulnerability in the following versions:
Multimedia Console 2.1.1 ( 2023/03/29 ) and later
Multimedia Console 1.4.7 ( 2023/03/20 ) and later
|
| A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 4.3.6.2441 build 20230621 and later
QTS 4.3.3.2420 build 20230621 and later
QTS 4.2.6 build 20230621 and later
QTS 4.3.4.2451 build 20230621 and later
|
| IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368. |
| An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP.This issue affects GiveWP: from n/a through 2.25.1.
|
| Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.
This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)
|
