| CVE | Vendors | Products | Updated | CVSS v3.1 |
| The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. |
| The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. |
| The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. |
| The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. |
| The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. |
| The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. |
| The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. |
| The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. |
| Certain products from The MPlayer Project are vulnerable to a buffer overflow in the function play() at libaf/af.c:639. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. |
| CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands by creating contacts with payloads capable of executing system commands. An admin user exporting contacts to a CSV file may end up executing the malicious system commands on his system. |
| EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload, allowing attackers to upload a malicious file with any extension to the server. An attacker may execute these malicious files to run unintended code on the server and compromise it. |
| Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data. |
| ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface. |
| Zaver through 2020-12-15 allows directory traversal via the GET /.. substring. |
| Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. |
| Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature. |
| The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch cleartext passwords upon a successful login request. |
| A vulnerability in Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privileges due to an overly permissive folder in the product installer. |
| A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. |
| OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and gain control of the camera service. |