| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
| Windows GDI Elevation of Privilege Vulnerability |
| Alotcer - AR7088H-A firmware version 16.10.3 Command execution Improper validation of unspecified input field may allow Authenticated command execution. |
| Windows CryptoAPI Denial of Service Vulnerability |
| Alotcer - AR7088H-A firmware version 16.10.3 Information disclosure. Unspecified error message contains the default administrator user name. |
| GDI Elevation of Privilege Vulnerability |
| The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames. |
| The personnummer implementation before 3.0.3 for Dart mishandles numbers in which the last four digits match the ^000[0-9]$ regular expression. |
| workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 allows a denial of service when an attacker submits a deeply nested ZIP archive (aka ZIP bomb). |
| PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server.) |
| Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service.
|
| Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.
|
| Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.
|
| Improper Input Validation in GitHub repository publify/publify prior to 9.2.10. |
| Element X Android is a Matrix Android Client provided by element.io. In Element X Android versions between 0.4.16 and 25.03.3, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability is fixed in 25.03.4. |
| Element X iOS is a Matrix iOS Client provided by Element. In Element X iOS version between 1.6.13 and 25.03.7, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability is fixed in 25.03.8. |
| NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure. |
| Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.
|
| Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.
|
| Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service.
|
