| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /check_availability.php of the component HTTP POST Request Handler. The manipulation of the argument oldpassword leads to observable response discrepancy. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256891. |
| Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type. |
|
Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker
to gain information about valid usernames by analyzing challenge responses from the server via the
REST interface.
|
| An improper input validation in the Qualcom plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific files. |
| An unauthenticated local attacker can perform a privilege escalation due to improper input validation in the OCPP agent service. |
| An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is affected.
|
|
Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contains an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. This is a Critical vulnerability affecting certain protocols, Dell recommends customers to upgrade at the earliest opportunity.
|
| Insertion of Sensitive Information Into Sent Data vulnerability in NotFound WM Options Import Export allows Retrieve Embedded Sensitive Data. This issue affects WM Options Import Export: from n/a through 1.0.1. |
| An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS).
When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition.
This issue affects Juniper Networks Junos OS:
* All versions before 21.2R3-S8-EVO;
* from 21.4-EVO before 21.4R3-S6-EVO;
* from 22.2-EVO before 22.2R3-S4-EVO;
* from 22.3-EVO before 22.3R3-S3-EVO;
* from 22.4-EVO before 22.4R3-EVO;
* from 23.2-EVO before 23.2R2-EVO.
* from 23.4-EVO before 23.4R1-S1-EVO. |
| Windows Win32k Elevation of Privilege Vulnerability |
| Windows Kernel Memory Information Disclosure Vulnerability |
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| Visual Studio Code Remote Code Execution Vulnerability |
| Raw Image Extension Remote Code Execution Vulnerability |
| Windows Error Reporting Service Elevation of Privilege Vulnerability |
| Microsoft ODBC and OLE DB Remote Code Execution Vulnerability |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HasThemes HT Mega.This issue affects HT Mega: from n/a through 2.4.7.
|
| The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the case the Deploy task is installed, a local malicious user can trigger privilege escalation configuring a malicious server providing its own deploy task payload. GLPI-Agent 1.7.2 contains a patch for this issue. As a workaround, edit GLPI-Agent related key under `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` and add `SystemComponent` DWORD value setting it to `1` to hide GLPI-Agent from installed applications. |
| A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer
Lexmark devices. |
| Under certain conditions, the memory of SAP GUI
for Windows contains the password used to log on to an SAP system, which might
allow an attacker to get hold of the password and impersonate the affected
user. As a result, it has a high impact on the confidentiality but there is no
impact on the integrity and availability. |
