| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 can emit invalid code sequences under rare circumstances related to syntax. The resulting code could, for example, trigger a system fault or adversely affect confidentiality, integrity, and availability. |
| Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service. |
| An open port used for debugging in SWARCOs CPU LS4000 Series with versions starting with G4... grants root access to the device without access control via network. A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices. |
| Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/. |
| By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. This vulnerability affects Firefox < 70. |
| When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox < 77. |
| Improper access control in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow an authenticated user to potentially enable an escalation of privilege via local access. |
| Insufficient control flow management in the firmware for some Intel(R) Processors may allow an unauthenticated user to potentially enable escalation of privilege via physical access. |
| Insufficient control flow management in the API for the Intel(R) Collaboration Suite for WebRTC before version 4.3.1 may allow an authenticated user to potentially enable escalation of privilege via network access. |
| Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access. |
| Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| Insufficient control flow managementin firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access. |
| Insufficient control flow managementin firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access. |
| Improper access control for the Intel(R) Computing Improvement Program before version 2.4.5982 may allow an unprivileged user to potentially enable information disclosure via network access. |
| Insufficient control flow management in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. |
| Improper control of a resource through its lifetime in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. |
| Improper access control in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. |
| Protection mechanism failure in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. |
| The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect access control for wp-admin/admin-ajax.php?action= requests. |
| A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the 'o' character. This is potentially relevant when the /etc/postfix/sender_login feature is used, because a spoofed outbound message that uses a configured sender address is blocked with a "Sender address rejected: not logged in" error message, but a spoofed outbound message that uses a homoglyph of a configured sender address is not blocked. NOTE: some third parties argue that any missed blocking of spoofed outbound messages - except for exact matches to a sender address in the /etc/postfix/sender_login file - is outside the design goals of Postfix and thus cannot be considered a Postfix vulnerability |
