| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured. |
| Macrovideo v380pro v1.4.97 shares the device id and password when sharing the device. |
| There is an information vulnerability in Huawei smartphones. A function in a module can be called without verifying the caller's access. Attackers with user access can exploit this vulnerability to obtain some information. This can lead to information leak. (Vulnerability ID: HWPSIRT-2019-12141)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9089. |
| The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even when maintenance mode is enabled. |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ernest Marcinko Ajax Search Lite plugin <= 4.10.3 versions. |
| An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a denial of service (DoS) via a crafted payload to the parsing function. |
| Huawei printers have an input verification vulnerability. Successful exploitation of this vulnerability may cause device service exceptions. (Vulnerability ID: HWPSIRT-2022-80078)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-34159. |
| There is an improper input verification vulnerability in Huawei printer product. Successful exploitation of this vulnerability may cause service abnormal. (Vulnerability ID: HWPSIRT-2022-87185)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32204. |
| Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy |
| ROZCOM server framework - Misconfiguration may allow information disclosure via an unspecified request. |
| A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
| gost (GO Simple Tunnel) is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this comparison is not secure, an attacker can mount a side-channel timing attack to guess the password. As a workaround, this can be easily fixed using a constant time comparing function such as `crypto/subtle`'s `ConstantTimeCompare`.
|
| IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. |
| Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. The unsanitized SVG is converted to a JavaScript blob (in memory data) that the Avatar can't render. Due to this constellation the missing sanitization does not seem to be exploitable. It is recommended that the Contacts app is upgraded to 5.0.3 or 4.2.4
|
| Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device. |
| Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0.
|
| In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device. |
| The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. |
| Transient DOS while processing CAG info IE received from NW. |
| Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of.
|
