| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules. |
| FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request. |
| This update resolves a multi-factor authentication bypass attack |
|
Elsight – Elsight Halo Remote Code Execution (RCE)
Elsight Halo web panel allows us to perform connection validation.
through the POST request :
/api/v1/nics/wifi/wlan0/ping
we can abuse DESTINATION parameter and leverage it to remote code execution.
|
|
IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467.
|
| iTerm2 before 3.4.18 mishandles a DECRQSS response. |
| An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure. |
| When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher. |
| In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08698617; Issue ID: MSV-1394. |
| In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00843282; Issue ID: MSV-1535. |
| The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. |
| DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked. |
| Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component. |
| HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches.
|
| Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE). |
| Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled. |
| Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. |
| An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.
|
| A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. |
