Vulnerability Index: Year 2021

Timing Discrepancy Vulnerability in Intel(R) IPP (Before Version 2020 Update 1) Allows Local Information Disclosure Improper Conditions Check in Intel Ethernet Controllers 800 Series Linux Drivers: Information Disclosure and Denial of Service Vulnerability Information Disclosure Vulnerability in Intel(R) Ethernet Controllers 800 Series Linux Drivers Buffer Overflow Vulnerability in Intel(R) Ethernet Adapters 800 Series Controllers and Associated Adapters Denial of Service Vulnerability in Intel(R) Ethernet Adapters 800 Series Controllers Denial of Service Vulnerability in Intel(R) Ethernet Adapters 800 Series Controllers and Associated Adapters Uncaught Exception Vulnerability in Intel(R) Ethernet Adapters 800 Series Controllers Uncontrolled Resource Consumption Vulnerability in Intel Ethernet Adapters 800 Series Controllers Denial of Service Vulnerability in Intel Ethernet Adapters 800 Series Controllers Intel Graphics Driver Use After Free Vulnerability Denial of Service Vulnerability in Intel(R) EMA (CVE-2021-XXXX) Denial of Service Vulnerability in Intel(R) SPS Privilege Escalation Vulnerability in Intel(R) Computing Improvement Program Firmware Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Allows Information Disclosure via Adjacent Access Buffer Overflow Vulnerability in Intel(R) NUC System Firmware Insecure Inherited Permissions in Intel(R) NUC 9 Extreme Laptop Kit LAN Drivers: Privilege Escalation Vulnerability Insecure Inherited Permissions in Intel(R) NUC M15 Laptop Kit Driver Pack Software: Potential Privilege Escalation Vulnerability Uncontrolled Search Path Vulnerability in Intel(R) NUC M15 Laptop Kit Driver Pack Software Privilege Escalation Vulnerability in Intel(R) NUC M15 Laptop Kit Driver Pack Software Insufficient Compartmentalization Vulnerability in Intel(R) SPS HECI Subsystem Intel Graphics Driver Improper Initialization Vulnerability Escalation of Privilege Vulnerability in Intel Graphics Drivers Denial of Service 
Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Firmware Insecure Inherited Permissions in Intel(R) PROSet/Wireless WiFi Software Installer for Windows 10: Privilege Escalation Vulnerability Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless WiFi Software Installer Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Firmware Vulnerability: Improper Access Control in Intel(R) NUC System Firmware Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Escalation of Privilege Vulnerability in Intel(R) Server Board M10JNP2SB BMC Firmware Vulnerability: Privilege Escalation via Adjacent Access in Intel(R) PROSet/Wireless WiFi Firmware Information Disclosure Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Firmware Privilege Escalation Vulnerability in Intel(R) DSA before version 20.11.50.9 Privilege Escalation Vulnerability in Intel(R) Computing Improvement Program Software Installer Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Firmware Denial of Service Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Firmware Insecure Inherited Permissions in Intel(R) VTune(TM) Profiler Installer: Potential Privilege Escalation Vulnerability Vulnerability: Improper Input Validation in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Software for Windows 10 Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Software for Windows 10 Uncontrolled Search Path Vulnerability in Intel(R) PROSet/Wireless WiFi Installer for Windows 10 Denial of Service Vulnerability in Intel(R) Optane(TM) PMem Privilege Escalation Vulnerability in Intel Ethernet Controllers X722 and 800 Series Linux RDMA Driver Floating-Point Operation Response Discrepancy Vulnerability in Intel(R) Processors Intel(R) Processor Vulnerability: Local Access Information Disclosure via Observable Response Discrepancy 
Uncontrolled Search Path Element Vulnerability in Intel(R) DSA Firmware Vulnerability in Intel(R) Processors Allows Unauthorized Privilege Escalation Firmware Vulnerability in Intel(R) Processors Allows Local Privileged User to Enable Denial of Service Default Permissions Vulnerability in Intel(R) Processors Firmware: Local Privileged User Denial of Service Exploit Local Privilege Escalation Vulnerability in Intel(R) DSA before version 20.11.50.9 Firmware Vulnerability in Intel(R) Processors Enables Local Denial of Service Authentication Bypass Vulnerability in Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN Path Traversal Vulnerability in Intel(R) Server Board M10JNP2SB Firmware Improper Access Control in Intel Unite(R) Client for Windows: Local Privilege Escalation Vulnerability Escalation of Privilege Vulnerability in Intel(R) Processors Firmware Privilege Escalation Vulnerability in Intel(R) SSD Data Center Tool Installer Buffer Overflow Vulnerability in Intel(R) Server Board M10JNP2SB BMC Firmware Insecure Inherited Permissions in Intel Unite(R) Client for Windows: Privilege Escalation Vulnerability Privilege Escalation Vulnerability in Intel(R) Processor Firmware Uncontrolled Search Path Element Vulnerability in Intel(R) Rapid Storage Technology Installer Insecure Inherited Permissions in Intel(R) ProSet/Wireless WiFi Drivers: A Potential Gateway for Information Disclosure and Denial of Service Attacks Privilege Escalation Vulnerability in Intel(R) Optane(TM) DC Persistent Memory for Windows Software Unchecked Return Value Vulnerability in Intel(R) Processor Firmware Allows Privilege Escalation via Local Access Uncontrolled Search Path Vulnerability in Intel Unite(R) Client for Windows Insecure Inherited Permissions in Intel(R) SOC Driver Package for STK1A32SC: Privilege Escalation Vulnerability Improper Access Control in Intel Thunderbolt Windows DCH Drivers: Potential Denial of Service Vulnerability Privilege Escalation Vulnerability 
in Intel(R) Processor Firmware Unquoted Service Path Vulnerability in Intel Unite(R) Client for Windows BMC Firmware Out of Bounds Write Vulnerability in Intel(R) Server Board M10JNP2SB Unchecked Return Value Vulnerability in Intel(R) Processor Firmware: Local Privilege Escalation Critical Buffer Overflow Vulnerability in Intel(R) Processor Firmware Allows Privilege Escalation Escalation of Privilege Vulnerability in Intel(R) Processor Firmware Privilege Escalation Vulnerability in Intel(R) Processor Firmware Intel(R) Processors Firmware Out-of-Bounds Read Vulnerability: Local Privilege Escalation Firmware Vulnerability in Intel(R) Processors Allows Privilege Escalation via Physical Access Denial of Service Vulnerability in Intel Graphics DCH Driver Installer Privilege Escalation Vulnerability in Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers Installer Firmware Vulnerability in Intel(R) Processors Allows Privilege Escalation via Physical Access Firmware Vulnerability in Intel(R) Processors Allows Privilege Escalation via Physical Access Privilege Escalation Vulnerability in Intel(R) Manageability Commander Denial of Service Vulnerability in Intel(R) Processors: Insufficient Control Flow Management BlueZ Vulnerability: Unauthorized Information Disclosure via Adjacent Access Cryptographically Weak PRNG in Intel(R) Security Library API: Potential Information Disclosure Vulnerability Denial of Service Vulnerability in Intel(R) Security Library API Vulnerability: Key Exchange without Entity Authentication in Intel(R) Security Library Denial of Service Vulnerability in Intel(R) Security Library API Privilege Escalation Vulnerability in Intel(R) Ethernet Diagnostic Driver for Windows Privilege Escalation Vulnerability in Intel(R) Brand Verification Tool Installer Default Variable Initialization Vulnerability in Intel BSSA DFT Feature Intel(R) Processors Vulnerability: Improper Initialization of Shared Resources Enables Local Information Disclosure Intel(R) Processor 
Test/Debug Logic Activation Vulnerability Denial of Service Vulnerability in Intel Chipset Firmware Power Management Controller (PMC) Log File Information Disclosure Vulnerability in Intel(R) SSD DC Firmware Privilege Escalation Vulnerability in Windows 10 Bluetooth Installers Cryptographic Signature Verification Vulnerability in Windows 10 Bluetooth Installers Vulnerability in Intel(R) Processor BIOS Firmware Allows Local Privilege Escalation BIOS Firmware Vulnerability: Privilege Escalation via Local Access in Intel(R) Processors Unchecked Return Value Vulnerability in Intel(R) Processor BIOS Firmware Firmware Vulnerability in Intel(R) Processors Allows Local Privilege Escalation BIOS Firmware Vulnerability: Privilege Escalation via Insufficient Control Flow Management BIOS Firmware Vulnerability: Privilege Escalation via Local Access in Intel(R) Processors BIOS Authenticated Code Module Vulnerability: Local Privilege Escalation in Intel(R) Processors Uncontrolled Search Path Vulnerability in Intel(R) NUC Pro Chassis Element AverMedia Capture Card Drivers Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Firmware Unauthenticated Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Software Escalation of Privilege Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Software for Windows 10 and 11 Firmware Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Allows Privilege Escalation via Local Access Denial of Service Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Firmware Privilege Escalation via Local Access in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Firmware Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Software for Windows 10 and 11 Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Firmware Uncontrolled Search Path Element Vulnerability 
in Intel(R) PROSet/Wireless Wi-Fi Software for Windows 10 and 11 Information Disclosure Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Firmware Local Access Information Disclosure Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Software Denial of Service Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Firmware Denial of Service Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Vulnerability: Denial of Service via Adjacent Access in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Denial of Service Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Firmware Denial of Service Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Firmware Denial of Service Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Software for Windows 10 and 11 Denial of Service Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Software for Windows 10 and 11 Denial of Service Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Software for Windows 10 and 11 Unauthenticated Privilege Escalation via Uncontrolled Resource Consumption in Intel(R) HAXM Software Unauthenticated User Information Disclosure Vulnerability in Intel(R) HAXM Software Denial of Service Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Privilege Escalation Vulnerability in Intel(R) Server Board M10JNP Firmware Privilege Escalation Vulnerability in Intel(R) SGX SDK Applications on SGX2 Enabled Processors BIOS Firmware Vulnerability: Local Privilege Escalation via Improper Access Control in Intel(R) Processors BIOS Firmware Vulnerability: Pointer Value Return and Privilege Escalation Out-of-Range Pointer Offset Vulnerability in Intel(R) Processor BIOS Firmware Allows Local Privilege Escalation Uncaught Exception in BIOS Firmware: Local Privilege Escalation Vulnerability for Intel(R) Processors Authentication Bypass Vulnerability in 
Intel(R) In-Band Manageability Software Privilege Escalation via Network Access in Intel(R) In-Band Manageability Software Kernel Mode Driver Vulnerability in Intel(R) NUC 9 Extreme Laptop Kits: Local Privilege Escalation Firmware Vulnerability in Intel Ethernet Network Controller E810: Privileged User Denial of Service Exploit Improper Access Control in Intel Ethernet Network Controller E810 Firmware: Local Denial of Service Vulnerability Denial of Service Vulnerability in Intel(R) Ethernet Network Controller E810 Firmware Escalation of Privilege Vulnerability in Intel Ethernet 700 Series Controllers Firmware Memory Leak Vulnerability in Juniper Networks MX and EX9200 Series Platforms with Trio-based MPC Vulnerability: Ineffective Storm Control Profile on Juniper Networks EX and QFX5K Series Platforms Sensitive Information Disclosure Vulnerability in Juniper Networks Junos OS Delta-Export Configuration Utility (dexp) Vulnerability: Incorrect Matching of IPv6 Prefixes in Juniper Networks MX Series with IDS Configuration NULL Pointer Dereference Vulnerability in Juniper Networks Junos OS with SSL Proxy Configuration Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS Devices Improper Input Validation Vulnerability in Juniper Networks Junos OS RPD Service Uninitialized Pointer Vulnerability in Juniper Networks Junos OS Evolved Privilege Escalation Vulnerability in Juniper Networks Junos OS J-Web BGP FlowSpec Message DoS Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Plaintext Storage of Administrator Credentials in Juniper Networks Contrail Networking Vulnerability in Juniper Networks Junos OS PPMD Daemon Allows for DoS Attacks Memory Leak Vulnerability in Juniper Networks Junos OS Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on ACX5448 and ACX710 Routers Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS with DHCP Server Command Injection Vulnerability in Juniper Networks Junos OS License-Check 
Daemon Command Injection Vulnerability in Juniper Networks Junos OS Vulnerability: Junos Space Network Management Platform Credential Exposure EVPN/VXLAN IRB Interface Traffic Loop DoS Vulnerability Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS Local Privilege Escalation Vulnerability in Juniper Networks Junos OS telnetd.real Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS Evolved IPv6 BGP Session Termination Vulnerability on Juniper Networks Junos OS Evolved Devices Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS J-Web on SRX Series Devices Improper Check for Unusual Conditions Vulnerability in Juniper Networks MX Series Platforms with Trio-based MPC in EVPN-VXLAN Configuration Uncontrolled Resource Consumption Vulnerability in Juniper Networks Junos OS MQTT Server Memory Leak Vulnerability in Juniper Networks SRX Series Devices with Link Aggregation (Lag) Configuration Path Traversal Vulnerability in Juniper Networks SRX and vSRX Series Authentication Bypass Vulnerability in Juniper Networks Paragon Active Assurance Control Center Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS ACX500 and ACX4000 Series Improper Initialization Vulnerability on Juniper Networks Junos OS QFX5100-96S Devices Incorrect Permission Scheme Allows Traffic Leakage and Modification on Juniper Networks Junos OS Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Juniper Networks Junos OS Layer 2 Circuit Configuration Denial of Service Vulnerability Disk Space Exhaustion Vulnerability in Juniper Networks Junos OS on MX Series BNG Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS Evolved Juniper Networks Junos OS DHCPv6 DoS Vulnerability Juniper Networks Junos OS DHCPv6 Denial of Service Vulnerability Improper Handling of DMA Buffers on Juniper Networks EX4300 Switches: Denial of 
Service Vulnerability Improper Handling of Unexpected Data in Firewall Policer of Juniper Networks Junos OS on EX4300 Switches Allows Traffic to Exceed Policer Limits, Leading to Limited DoS Vulnerability Race Condition Vulnerability in Juniper Networks Junos OS L2ALD Use of Hard-coded Credentials vulnerability in Juniper Networks Junos OS on Junos Fusion Satellite Devices Incorrect Default Permissions in Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 Race Condition Vulnerability in Juniper Networks Junos OS Firewall Process Vulnerability: Hard-coded Credentials in Juniper Networks Junos OS on NFX Series Devices Buffer Overflow Vulnerability in Juniper Networks Junos OS on SRX Series Devices with UTM Services Juniper Networks Junos OS BGP Update Message DoS Vulnerability NULL Pointer Dereference Vulnerability in Juniper Networks Junos OS on MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC Local Code Execution Vulnerability in Juniper Networks Junos OS on NFX Series Devices via JDMD Process Local Command Execution Vulnerability in Juniper Networks Junos OS on NFX Series Devices Buffer Overflow Vulnerability in Juniper Networks Junos OS Overlayd Service Local Privilege Escalation Vulnerability in ethtraceroute of Juniper Networks Junos OS Sensitive Information Disclosure Vulnerability in Juniper Networks Junos OS Mosquitto Message Broker Memory Leak Vulnerability in Juniper Networks MX and EX9200 Series Platforms Vulnerability in TCPv6 Forwarding on Juniper Networks Junos OS Vulnerability in DDoS Protection on Juniper Networks QFX5K Series Switches Improper Authorization Vulnerability in Juniper Networks Junos OS SNMP Daemon High-Volume Request DoS Vulnerability in Juniper Networks Junos OS Use After Free Vulnerability in PFE Packet Processing on Juniper Networks QFX10002-60C Switching Platform Data Processing Vulnerability in Multi-Service Process on Juniper Networks Junos OS on PTX Series Routers Leading to 
Denial of Service (DoS) Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Unvalidated REST API in Juniper Networks AppFormix Agent Allows Remote Root Command Execution Multiple Hard-Coded Cryptographic Keys Vulnerability in Juniper Networks Junos OS on cSRX Series Denial of Service (DoS) Vulnerability in JDHCPD's DHCP Relay Agent of Juniper Networks Junos OS HTTP Response Splitting Vulnerability in Juniper Networks Junos OS J-Web Client-Side Parameter Vulnerability in Juniper Networks Junos OS Use After Free Vulnerability in Juniper Networks Junos OS on PTX and QFX10k Series Devices Double Free Vulnerability in Juniper Networks Junos OS on EX Series Devices Kernel Memory Leak Vulnerability in Juniper Networks Junos OS on QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016 Devices Vulnerability: Denial of Service (DoS) via Infinite Loop in Juniper Networks Junos OS and Junos OS Evolved Cross-site Scripting (XSS) Vulnerability in J-Web on Juniper Networks Junos OS Allows Session Hijacking Stack-based Buffer Overflow Vulnerability in Juniper Networks SBR Carrier with EAP Authentication: DoS and RCE Out-of-bounds Read Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Privilege Escalation Vulnerability in J-Web of Juniper Networks Junos OS Hardcoded Credentials in Juniper Networks Contrail Cloud RabbitMQ Service Improper Initialization Vulnerability in Juniper Networks Junos OS on PTX Platforms and QFX10K Series with Paradise (PE) Chipset-based Line Cards Juniper Networks Junos OS BGP Origin Validation RPD Crash Vulnerability Juniper Networks Junos OS BGP UPDATE Message Denial of Service Vulnerability Buffer Overflow Vulnerability in Juniper Networks Junos OS TCP/IP Stack Buffer Overflow Vulnerability in Juniper Networks Junos OS TCP/IP Stack Allows DoS Attack Uncontrolled Resource Consumption Vulnerability in Juniper Networks Junos OS on QFX5000 and EX4600 Series Switches Denial of Service (DoS) Vulnerability 
in Juniper Networks Junos OS Evolved (EVO) Segment Routing ISIS (SR-ISIS)/MPLS Link Flap DoS Vulnerability Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series Devices with Trio-based MPCs TOCTOU Race Condition Vulnerability in Juniper Networks Junos OS ARP Policer Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS Ethernet Interface Frame Processing Exposure of System Data Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Uncontrolled Resource Consumption Vulnerability in Juniper Networks Junos OS Evolved ARP Daemon and Network Discovery Protocol Memory Leak Vulnerability in Juniper Networks Junos OS Vulnerability in Juniper Networks Junos OS 18.4R2-S5: Inconsistent Implementation of Storm Control Enhanced Function DVMRP Packet Forwarding Loop Vulnerability in Juniper Networks Junos OS on QFX10K Series Switches Vulnerability: Lack of HTTP Strict Transport Security (HSTS) in Juniper Networks CTPView Server TCP MD5 Authentication Bypass Vulnerability in Juniper Networks Junos OS Evolved Race Condition Vulnerability in 'show chassis pic' Command in Juniper Networks Junos OS Evolved IPv6 Malformed Packet Handling Vulnerability in Juniper Networks Junos OS Android SoC Out of Bounds Write Vulnerability Tapjacking Vulnerability in PackageInstaller Allows Local Privilege Escalation Race condition vulnerability in dispatchGraphTerminationMessage() of StreamSetObserver.cpp in Android-11 allows for local privilege escalation Unsafe PendingIntent in GlobalScreenshot.java allows for permission bypass and local information disclosure Tapjacking Vulnerability in PackageInstaller Allows Local Privilege Escalation Possible Permissions Bypass Vulnerability in addAllPermissions of PermissionManagerService.java Automatic Runtime Permission Grant Vulnerability in PermissionManagerService Out of Bounds Write Vulnerability in ReadLogicalParts of basicmbr.cc Confused Deputy Vulnerability in 
grantCredentialsPermissionActivity Use-after-free vulnerability in LazyServiceRegistrar of LazyServiceRegistrar.cpp in Android-11 allows for local privilege escalation without additional execution privileges. Out-of-bounds Write Vulnerability in ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp Integer Overflow Vulnerability in WAVSource::read of WAVExtractor.cpp TextView Denial of Service Vulnerability Uninformed Uninstallation Vulnerability in UninstallerActivity Tapjacking/Overlay Attack Vulnerability in GrantCredentialsPermissionActivity Out-of-bounds Write Vulnerability in avrc_pars_vendor_cmd of avrc_pars_tg.cc Possible Local Privilege Escalation in Permission.java and Related Code (Android-10, Android-11, Android-8.0, Android-8.1, Android-9) Use-after-free vulnerability in appendEventsToCacheLocked in SensorEventConnection.cpp allows for local privilege escalation without additional execution privileges needed Bluetooth MAC Address Disclosure Vulnerability Race condition vulnerability allows bypass of lockscreen requirements for keyguard bound keys in Android Side Channel Information Disclosure in enforceDumpPermissionForPackage of ActivityManagerService.java Misleading String Display Vulnerability in SlicePermissionActivity.java Android SoC Vulnerability (A-175402462) Heap Buffer Overflow in ih264d_parse_pslice of ih264d_parse_pslice.c Allows Remote Code Execution on Android Out-of-bounds Write Vulnerability in p2p_copy_client_info of Android's Wi-Fi Direct Search Possible Permission Bypass in getContentProviderImpl of ActivityManagerService.java Missing Permission Check in GattService.java Allows Unauthorized Retrieval of Bluetooth Scan Results Out of Bounds Write Vulnerability in AdvertiseManager.java Use-after-free vulnerability in add_user_ce and remove_user_ce functions of storaged.cpp in Android allows for local privilege escalation. 
Insecure Default Value in NotificationAccessConfirmationActivity Allows for Overlay Attack Possible Use After Free Vulnerability in bootFinished of SurfaceFlinger.cpp Bluetooth Permission Bypass via Tapjacking Overlay Arbitrary Domain Default Handler Bypass Vulnerability in ResolverActivity.java Out of Bounds Write Vulnerability in C2SoftHevcDec.cpp Leads to Remote Information Disclosure BluetoothPermissionRequest: Mutable PendingIntent Vulnerability Possible File Exposure Due to Stale Metadata in moveInMediaStore of FileSystemProvider.java Missing Bounds Checks in SystemSettingsValidators: A Potential Permanent Denial of Service Vulnerability in Android Foreground App Overlay Vulnerability Possible Information Disclosure in IsoInterface.java's parseNextBox Method Improper Crypto Usage in verifyHostName of OkHostnameVerifier.java Allows for Remote Information Disclosure Memory Corruption Vulnerability in tun_get_user of tun.c Android-11 Out of Bounds Write Vulnerability with Local Privilege Escalation Memory Corruption Vulnerability in mtkpower Allows Local Privilege Escalation Possible Privilege Escalation Vulnerability in Android-10 and Android-11 (Patch ID: ALPS05432974) Out of Bounds Write Vulnerability in Android-10 and Android-11 (ALPS05371580) Possible Out of Bounds Read Vulnerability in Android Out of Bounds Write Vulnerability in Android VPU Use-after-free vulnerability in Android Display Driver allows for local privilege escalation Improper Input Validation Vulnerability in Android OS (ALPS05342338) Remote Denial of Service Vulnerability in Android WLAN Driver Memory Corruption Vulnerability in RT Regmap Driver Heap Buffer Overflow Vulnerability in Android-11 (ALPS05425247) Integer Overflow Vulnerability in Android (ALPS05431161) Integer Overflow Vulnerability in Android-11 Allows Local Privilege Escalation Command Injection Vulnerability in netdiag on Android 10 and 11 Out of Bounds Write Vulnerability in netdiag on Android Command Injection 
Vulnerability in netdiag on Android 10 and 11 Out of Bounds Write Vulnerability in netdiag on Android Out of Bounds Write Vulnerability in netdiag on Android Possible Out of Bounds Read Vulnerability in Android-11 (ALPS05449968) Stack Buffer Overflow Vulnerability in Android-11 (ALPS05457070) Command Injection Vulnerability in mobile_log_d Command Injection Vulnerability in mobile_log_d Use-after-free vulnerability in Android Display Driver allows for local privilege escalation Race condition vulnerability in vpu leading to local privilege escalation Race condition vulnerability in vpu leading to local privilege escalation Out of Bounds Read Vulnerability in oggpack_look of bitwise.c Improper Display of INTERACT_ACROSS_PROFILES Grant State in Android-11 Out of Bounds Write Vulnerability in NxpMfcReader.cc Out-of-Bounds Read Vulnerability in nci_proc_rf_management_ntf of nci_hrcv.cc Possible Permission Bypass in getMediaOutputSliceAction of RemoteMediaSlice.java Possible Out of Bounds Read in BnAudioPolicyService::onTransact of IAudioPolicyService.cpp Insecure Default Value in onPackageModified of VoiceInteractionManagerService.java Allows Local Privilege Escalation Potential Local Privilege Escalation via Permissions Bypass in MediaProvider.java Untrusted Input Validation Vulnerability in DeltaPerformer::Write of delta_performer.cc Heap Buffer Overflow in getNbits of pvmp3_getbits.cpp Heap Buffer Overflow in getUpTo17bits of pvmp3_getbits.cpp Unauthenticated Privilege Escalation in onReceive of DcTracker.java Potential Permission Bypass in DeviceStorageMonitorService.java's updateNotifications() Method Incorrect Permission Check in checkSlicePermission of SliceManagerService.java Allows for Local Information Disclosure Confused Deputy Vulnerability in CaptivePortalLoginActivity.java Allows Local Privilege Escalation Untrusted WiFi Network Connection Vulnerability in ConnectToNetworkNotificationBuilder Insecure Default Value in onCreate of UsbConfirmActivity Allows 
for Tapjacking Vulnerability Race Condition Vulnerability in FindQuotaDeviceForUuid of QuotaUtils.cpp Incorrect Broadcast Handler in onReceive of ImsPhoneCallTracker.java Allows Misattribution of Data Usage Missing Permission Check in setNightModeActivated of UiModeManagerService.java Allows Local Privilege Escalation Missing Permission Check in WifiNetworkSuggestionsManager.java Allows Local Privilege Escalation Account Existence Disclosure Vulnerability in ChooseTypeAndAccountActivity Double Free Vulnerability in main.cpp Allows for Local Privilege Escalation on Android Integer Overflow Vulnerability in Scanner::LiteralBuffer::NewCapacity of scanner.cc Out of Bounds Read Vulnerability in android_os_Parcel_readString8 of android_os_Parcel.cpp Use-after-free vulnerability in StopServicesAndLogViolations in reboot.cpp allows for local privilege escalation in Android 11 (A-170315126) Out-of-Bounds Write Vulnerability in Builtins::Generate_ArgumentsAdaptorTrampoline Double Free Vulnerability in sdp_copy_raw_data of sdp_discovery.cc Possible foreground service launch vulnerability in bindServiceLocked of ActiveServices.java Memory Corruption Vulnerability in qtaguid_untag of xt_qtaguid.c Improper Input Validation in GnssLocationProvider.java Leads to Incorrect Reporting of Location Data to Emergency Services Race condition vulnerability in Android-10 and Android-11 allows for local privilege escalation JPEG Out of Bounds Write Vulnerability in Android 11 Netdiag Vulnerability: Local Information Disclosure in Android-11 (ALPS05475124) Possible Information Disclosure Vulnerability in Android-11 (ALPS05457039) Out of Bounds Write Vulnerability in Android-10 and Android-11 (ALPS05466547) Out of Bounds Write Vulnerability in cameraisp Out of Bounds Write Vulnerability in clk Driver ASF Extractor Out of Bounds Read Vulnerability Out of Bounds Read Vulnerability in FLV Extractor Out of Bounds Read Vulnerability in FLV Extractor Integer Overflow Vulnerability in FLV Extractor 
Allows for Local Information Disclosure Out of Bounds Read Vulnerability in FLV Extractor Out of Bounds Read Vulnerability in FLV Extractor Heap Buffer Overflow in FLV Extractor: Local Information Disclosure Vulnerability Missing Permission Check in Memory Management Driver Allows Local Information Disclosure Memory Management Driver Vulnerability: Local Denial of Service Exploit Memory Management Driver Vulnerability: Local Denial of Service Exploit Memory Management Driver Vulnerability: Local Denial of Service Exploit Memory Management Driver Vulnerability: Local Denial of Service Exploit Memory Management Driver Vulnerability: Local Denial of Service via Missing Bounds Check Memory Management Driver Vulnerability: Local Information Disclosure without User Interaction Memory Management Driver Vulnerability: Local Denial of Service via Missing Bounds Check Uninitialized Data Information Disclosure Vulnerability in Memory Management Driver Memory Management Driver Vulnerability: Local Denial of Service via Missing Bounds Check Memory Management Driver Vulnerability: Side Channel Information Disclosure Heap Buffer Overflow in parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp Heap Buffer Overflow in parseExclusiveStateAnnotation of LogEvent.cpp Missing Permission Check in getSimSerialNumber of TelephonyManager.java Allows for Local Information Disclosure Use-after-free vulnerability in pollOnce of ALooper.cpp allows for local privilege escalation without additional execution privileges needed Out-of-bounds Write Vulnerability in rw_mfc_handle_read_op of rw_mfc.cc Out-of-bounds Read Vulnerability in avrc_msg_cback of avrc_api.cc Race Condition in ClearPullerCacheIfNecessary and ForceClearPullerCache of StatsPullerManager.cpp Allows for Local Privilege Escalation Potential Bluetooth Pairing Vulnerability in DeviceChooserActivity.java Insufficient Information in Bluetooth Permission Request Dialog Allows Phishing Attack Possible Heap Data Leak in 
avrc_proc_vendor_command of avrc_api.cc Integer Overflow Vulnerability in CryptoPlugin::decrypt of CryptoPlugin.cpp Double Free Vulnerability in setPlayPolicy of DrmPlugin.cpp Tapjacking Vulnerability in Android InputDispatcher and WindowManagerService Out-of-Bounds Write Vulnerability in setPowerModeWithHandle of PowerManagerService Confusing UI in PermissionActivity.java allows for local privilege escalation without additional execution privileges (Android-11, A-174495520) Use-after-free vulnerability in updateInfo of android_hardware_input_InputApplicationHandle.cpp allows for local privilege escalation without additional execution privileges needed Race condition vulnerability in ScreenshotHelper.java allows for local information disclosure across user profiles Unnecessary Intent Return in onActivityResult of QuickContactActivity.java Allows for Local Information Disclosure Confused Deputy Vulnerability in WelcomeActivity.java Allows Local Privilege Escalation Tapjacking/Overlay Attack Vulnerability in ImportVCardActivity Uninitialized Data Vulnerability in Titan M Chip Firmware Allows Local Information Disclosure Uninitialized Data Vulnerability in Titan M Chip Firmware Allows Local Information Disclosure Uninitialized Data Vulnerability in Titan M Chip Firmware Allows Local Information Disclosure Uninitialized Data in Titan M Chip Firmware: Local Information Disclosure Vulnerability Uninitialized Data in Titan-M Chip Firmware Leads to Local Information Disclosure Out of Bounds Write Vulnerability in Citadel Chip Firmware Allows Local Privilege Escalation Out of Bounds Write Vulnerability in Citadel Chip Firmware Allows Local Privilege Escalation Out of Bounds Write Vulnerability in Citadel Chip Firmware Allows Local Privilege Escalation Heap Buffer Overflow in FingerTipS Touch Screen Driver Allows for Local Privilege Escalation Integer Overflow Vulnerability in FingerTipS Touch Screen Driver Out-of-bounds Read Vulnerability in fts_driver_test_write of 
fts_proc.c Integer Overflow Vulnerability in FingerTipS Touch Screen Driver Out of Bounds Write Vulnerability in iaxxx_core_sensor_change_state of iaxxx-module.c Possible Insecure Firmware Update Vulnerability in NXP NFC Firmware Possible Out of Bounds Read Vulnerability in convertToHidl of convert.cpp Heap Buffer Overflow in sound_trigger_event_alloc of platform.h Out-of-bounds Write Vulnerability in GenerateFaceMask of face.cc Possible identifier leakage in startIpClient of ClientModeImpl.java in Android-10 Chromecast BootROM Out of Bounds Write Vulnerability Insecure Default Value Allows Local Privilege Escalation in Android SoC Integer Overflow Vulnerability in decrypt_1_2 of CryptoPlugin.cpp Vulnerability: App Pinning Bypass in shouldLockKeyguard of LockTaskController.java Double Free Vulnerability in rw_t3t_process_error of rw_t3t.cc Allows Remote Code Execution over NFC Heap Buffer Overflow in avrc_msg_cback of avrc_api.cc Allows Remote Code Execution Use-after-free vulnerability in on_l2cap_data_ind of btif_sock_l2cap.cc allows for remote code execution over Bluetooth in Android Race Condition Use-After-Free Vulnerability in FindOrCreatePeer of btif_av.cc Possible permission bypass in notifyScreenshotError of ScreenshotNotificationsController.java Possible Permission Bypass in updateDrawable of StatusBarIconView.java Sensitive Identifier Disclosure in createPendingIntent of SnoozeHelper.java Unauthorized File Access Vulnerability in EditUserPhotoController's onActivityResult Use-after-free vulnerability in BinderDiedCallback of MediaCodec.cpp allows for local privilege escalation Race condition vulnerability in AAudioService allows for local privilege escalation (Android-10 and Android-11) Uninitialized Heap Data Read Vulnerability in readVector of IMediaPlayer.cpp Possible Privilege Escalation in getMinimalSize of PipBoundsAlgorithm.java Potential Local Privilege Escalation via Permissions Bypass in Android Possible Tapjacking/Overlay Attack in 
CalendarDebugActivity.java Allows Unauthorized Export of Calendar Data Out of Bounds Write Vulnerability in pb_encode.c (Android Kernel) Out of Bounds Write Vulnerability in Android SoC Memory Management Driver Out of Bounds Write Vulnerability in Android SoC Memory Management Driver Missing Permission Check in Android SoC Memory Management Driver Allows Local Privilege Escalation Out of Bounds Write Vulnerability in Android SoC Memory Management Driver Out of Bounds Write Vulnerability in Android SoC Memory Management Driver Integer Overflow Vulnerability in Android SoC Memory Management Driver Uninitialized Data Out-of-Bounds Write Vulnerability in Android Memory Management Driver Use-after-free vulnerability in Android SoC memory management driver allows for local privilege escalation Use-after-free vulnerability in Android SoC memory management driver allows for local privilege escalation Double Free Vulnerability in Android SoC Memory Management Driver Out-of-Bounds Read Vulnerability in avrc_pars_browse_rsp of avrc_pars_ct.cc Missing Permission Check Allows Local Privilege Escalation in Android-11 VPN Tapjacking/Overlay Attack Vulnerability in ActivityPicker.java Out of Bounds Write Vulnerability in btif_rc.cc Allows Remote Code Execution over Bluetooth Race Condition Use After Free Vulnerability in DrmPlugin.cpp Race condition vulnerability in CryptoPlugin.cpp allows for local privilege escalation Integer Overflow Vulnerability in CryptoPlugin.cpp Allows for Local Privilege Escalation Improper Input Validation in Dex2oat.cc Allows Bytecode Injection and Local Privilege Escalation Heap Buffer Overflow in hid-input.c Allows Local Privilege Escalation Permission Bypass in deleteNotificationChannel and Related Functions of NotificationManagerService.java Race condition vulnerability in V8 library allows for remote code execution in Android Out of Bounds Write Vulnerability in Factory::CreateStrictFunctionMap of factory.cc Use-after-free vulnerability in 
p2p_process_prov_disc_req of p2p_pd.c allows for remote privilege escalation Incorrect Network State Determination in ConnectivityService.java Could Lead to Remote Information Disclosure Android Wi-Fi Vulnerability: Location-Sensitive Data Leak without User Interaction Heap Buffer Overflow in BITSTREAM_FLUSH of ih264e_bitstream.h Race Condition Vulnerability in MemoryFileSystem.cpp Allows for Local Privilege Escalation Information Disclosure Vulnerability in PackageManagerService's getAllPackages Method Out-of-Bounds Read Vulnerability in ConnectionHandler::SdpCb of connection_handler.cc Potential Wi-Fi Scanning Consent Bypass Vulnerability in WifiScanModeActivity.java Side Channel Information Disclosure in isServiceDistractionOptimized of CarPackageManagerService.java Use-after-free vulnerability in Android SoC memory management driver allows for local privilege escalation Uninitialized Data Out-of-Bounds Write Vulnerability in Android Memory Management Driver Use-after-free vulnerability in Android SoC memory management driver allows for local privilege escalation Double Free Vulnerability in Android SoC Memory Management Driver Improper Locking in Android SoC Memory Management Driver Allows Local Privilege Escalation Uninitialized Data Out-of-Bounds Write Vulnerability in Android Memory Management Driver Use-after-free vulnerability in Android SoC memory management driver allows for local privilege escalation Race condition vulnerability in Android SoC memory management driver allows for local privilege escalation Race condition vulnerability in Android SoC memory management driver allows for local privilege escalation Insecure Default Broadcast Protection in DeviceAdminReceiver.java Allows Local Privilege Escalation Memory Corruption Vulnerability in wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c Local Privilege Escalation Vulnerability in WiFiInstaller's dropFile Method Possible Hotspot 2.0 Configuration Installation Vulnerability in WiFiInstaller.java 
Possible Tapjacking/Overlay Attack in Emergency Callback Mode Exit Dialog (Android-11) Unauthenticated Archive Message Conversation Vulnerability in MmsService.java Out of Bounds Write Vulnerability in halWrapperDataCallback of hal_wrapper.cc Out of Bounds Read Vulnerability in phNxpNciHal_ext_process_nfc_init_rsp of phNxpNciHal_ext.cc Missing Permission Check in updateNotification of BeamTransferManager.java Allows Local Information Disclosure of Paired Bluetooth Addresses Integer Overflow Vulnerability in phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc Out-of-bounds Write Vulnerability in phNxpNciHal_print_res_status of phNxpNciHal.cc Out of Bounds Write Vulnerability in phNxpNciHal_print_res_status of phNxpNciHal.cc Out of Bounds Write Vulnerability in phNxpNciHal_print_res_status of phNxpNciHal.cc Missing Permission Check in onReceive of NetInitiatedActivity.java Allows for Local Privilege Escalation Out of Bounds Write Vulnerability in rw_i93_send_to_lower of rw_i93.cc Possible Bluetooth MAC Address Leak in sspRequestCallback of BondStateMachine.java Potential Local Escalation of Privilege Vulnerability in AnnotateActivity.java Remote Denial of Service Vulnerability in MediaControlPanel.java Possible Permission Bypass in getEndItemSliceAction of MediaOutputSlice.java Possible Bypass of Device Admin Settings in AppSwitchPreference.java leading to Local Privilege Escalation Missing Permission Check in isBackupServiceActive of BackupManagerService.java Allows Local Information Disclosure Null Pointer Dereference in RenderStruct of protostream_objectsource.cc Heap Buffer Overflow in getBlockSum of fastcodemb.cpp in Android-11 (A-172716941) Integer Overflow in setRange of ABuffer.cpp Allows for Remote Code Execution Heap Buffer Overflow in fillMainDataBuf of pvmp3_framedecoder.cpp Out of Bounds Read Vulnerability in Lag_max of p_ol_wgh.cpp Out-of-bounds Write Vulnerability in append_to_verify_fifo_interleaved_ of stream_encoder.c Out-of-bounds Read Vulnerability 
in RasterIntraUpdate of motion_est.cpp Heap Buffer Overflow in ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c Race condition vulnerability in CryptoPlugin.cpp allows for use-after-free and local privilege escalation in Android Race Condition in wrapUserThread of AudioStream.cpp Allows for Local Privilege Escalation Possible Out of Bounds Read in accessAudioHalPidscpp of TimeCheck.cpp Font File Injection Vulnerability in RemoteViews.isRestricted() Method Potential Local Privilege Escalation in DevicePolicyManagerService's onReceive Method Tapjacking/Overlay Vulnerability in ContactsDumpActivity.java Allows for Local Information Disclosure Possible Permission Bypass in sendBugreportNotification of BugreportProgressService.java Possible Permissions Bypass Vulnerability in ActivityTaskManagerService and AppTaskImpl Potential Permission Bypass in AccountManagerService's doNotification Method Out of Bounds Write Vulnerability in ASF Extractor Allows Local Privilege Escalation Out of Bounds Write Vulnerability in ASF Extractor Allows Local Privilege Escalation Out of Bounds Write Vulnerability in Android FLV Extractor Heap Buffer Overflow in FLV Extractor Allows Local Privilege Escalation on Android Android WiFi Driver Out of Bounds Read Vulnerability Android WiFi Driver Out of Bounds Read Vulnerability Android WiFi Driver Out of Bounds Read Vulnerability Android WiFi Driver Out of Bounds Read Vulnerability Android WiFi Driver Out of Bounds Read Vulnerability Possible Bluetooth Pairing Dialog Tapjacking Vulnerability Out-of-bounds Read Vulnerability in Parcel.cpp's verifyBufferObject Out-of-bounds Write Vulnerability in MessageQueueBase.h Bluetooth Device Picker Tapjacking Vulnerability Out of Bounds Write Vulnerability in StreamOut::prepareForWriting of StreamOut.cpp Possible SMS Disclosure Vulnerability in MceStateMachine.java Out-of-bounds Write Vulnerability in BTM_TryAllocateSCN of btm_scn.cc Potential Information Disclosure Vulnerability in 
sendNetworkConditionsBroadcast of NetworkMonitor.java Privileged Broadcast Receiver Invocation Vulnerability in BluetoothPermissionActivity.java WideVine Vulnerability: Out of Bounds Write Leading to Remote Code Execution Privileged Broadcast Receiver Invocation Vulnerability in sendDevicePickedIntent of DevicePickerFragment.java Remote Bypass of User Consent in ConfirmConnectActivity: NFC Escalation of Privilege Vulnerability Work Profile PIN Bypass Vulnerability in RootWindowContainer Out of Bounds Read Vulnerability in phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp SIP Account Name Disclosure Vulnerability in SipService.java Possible Bluetooth Device Pairing Vulnerability in ConfirmConnectActivity Sensitive Identifier Disclosure via Broadcasted Intent in NotificationRecord.java Improper Input Validation in DeviceAdminAdd.java Allows for Unauthorized Device Admin Activation Double Free Out-of-Bounds Write Vulnerability in encodeFrames of avc_enc_fuzzer.cpp Potential Local Privilege Escalation in WifiNetworkDetailsFragment.java Possible Tapjacking/Overlay Vulnerability in ContactSelectionActivity.java Allows Unauthorized Access to Contacts BluetoothOppSendFileInfo.java: Potential Local Information Disclosure via Confused Deputy Vulnerability Out-of-bounds Read Vulnerability in pfkey_dump of af_key.c Use-after-free vulnerability in drm_syncobj_handle_to_fd in drm_syncobj.c allows local users to gain privileges via a crafted application. 
Missing Bounds Check in iaxxx_calc_i2s_div of iaxxx-codec.c Allows Local Privilege Escalation Arbitrary Activity Launch Vulnerability in handleAppLaunch of AppLaunchActivity.java Integer Overflow Vulnerability in Memory Management Driver Possible Memory Corruption Vulnerability in m4u with Use After Free Possible Memory Corruption Vulnerability in m4u with Use After Free ASF Extractor Out of Bounds Read Vulnerability ASF Extractor Out of Bounds Read Vulnerability Integer Overflow Vulnerability in FLV Extractor Allows for Local Information Disclosure Heap Buffer Overflow in Ape Extractor: Local Information Disclosure Vulnerability Heap Buffer Overflow in Ape Extractor: Local Information Disclosure Vulnerability Heap Buffer Overflow in Ape Extractor: Local Information Disclosure Vulnerability Possible Out of Bounds Read Vulnerability in Ape Extractor Heap Buffer Overflow in ASF Extractor: Local Information Disclosure without User Interaction Integer Overflow Vulnerability in ASF Extractor Allows Local Information Disclosure Heap Buffer Overflow in ASF Extractor: Local Information Disclosure without User Interaction Integer Overflow Vulnerability in ASF Extractor Allows Local Information Disclosure Heap Buffer Overflow in FLV Extractor: Local Information Disclosure Vulnerability Possible Memory Corruption Vulnerability in CCU with Improper Locking Potential Out of Bounds Write Vulnerability in ged (Patch ID: ALPS05687510; Issue ID: ALPS05687510) Integer Overflow Vulnerability in OMA DRM Allows Local Privilege Escalation Memory Corruption Vulnerability in OMA DRM Allows Local Privilege Escalation Use-after-free vulnerability in mdlactl driver allows for local privilege escalation Critical Vulnerability in WiFi Driver Allows Remote Denial of Service Attack Critical Vulnerability in WiFi Driver Allows Remote Denial of Service Attack Remote Information Disclosure Vulnerability in WiFi Driver Out of Bounds Write Vulnerability in Display Driver Uninitialized Data Memory 
Corruption Vulnerability in Display Driver Memory Corruption Vulnerability in Android-10 FLV File Extraction Memory Corruption Vulnerability in Android-10 (A-189392423) Local Information Disclosure Vulnerability in libl3oemcrypto.cpp Out-of-bounds Write Vulnerability in StatsdStats.cpp Missing Permission Check in getAvailableSubscriptionInfoList of SubscriptionController.java Allows Local Information Disclosure Missing Permission Check in onResume of VoicemailSettingsFragment.java Allows for Unauthorized Retrieval of Trackable Identifier Missing Permission Check in getAllSubInfoList of SubscriptionController.java Allows Unauthorized Retrieval of Long-Term Identifier Missing Permission Check in SubscriptionController.java Allows for Local Information Disclosure Possible Permissions Bypass in shouldBlockFromTree of ExternalStorageProvider.java Out-of-Bounds Write Vulnerability in sqlite3_str_vappendf of sqlite3.c Possible VPN Profile Reset Vulnerability in stopVpnProfile of Vpn.java Out-of-bounds Read Vulnerability in WT_InterpolateNoLoop of eas_wtengine.c Denial of Service Vulnerability in PackageItemInfo.java's loadLabel Method Memory Corruption Vulnerability in VectorDrawable::VectorDrawable Missing Permission Check in enqueueNotification of NetworkPolicyManagerService.java Allows for Local Information Disclosure Potential Local Information Disclosure Vulnerability in isRealSnapshot of TaskThumbnailView.java Memory Corruption Vulnerability in mdlactl Driver Use-after-free vulnerability in edma driver allows for local privilege escalation Stack-based Buffer Overflow in apusys: Local Privilege Escalation Vulnerability Possible Out of Bounds Write Vulnerability in apusys Possible Out of Bounds Read Vulnerability in apusys Possible Out of Bounds Read Vulnerability in CCU with Incorrect Error Handling Audio DSP Out of Bounds Write Vulnerability Audio DSP Out of Bounds Write Vulnerability Audio DSP Out of Bounds Write Vulnerability Possible Memory Corruption 
Vulnerability in CCU: Local Privilege Escalation without User Interaction Possible Out of Bounds Read Vulnerability in apusys Possible Out of Bounds Read Vulnerability in apusys Possible Memory Corruption Vulnerability in apusys: Local Privilege Escalation via Use After Free Possible Memory Corruption Vulnerability in apusys Possible Memory Corruption Vulnerability in apusys: Local Privilege Escalation via Use After Free Possible Memory Corruption Vulnerability in apusys: Local Privilege Escalation via Use After Free Possible Memory Corruption Vulnerability in apusys Missing Permission Check in Browser App Allows Local Information Disclosure Possible Permission Bypass in Audio Aurisys HAL Allows Local Privilege Escalation Out of Bounds Read Vulnerability in ALAC Decoder Allows Local Information Disclosure Out of Bounds Write Vulnerability in ALAC Decoder Allows Local Privilege Escalation Possible Out of Bounds Read Vulnerability in GenieZone Driver Integer Overflow Vulnerability in CCU Driver Allows for Local Information Disclosure Possible Out of Bounds Write Vulnerability in apusys Possible Memory Corruption Vulnerability in apusys Missing Permission Check in System Properties Leading to Local Information Disclosure Missing Permission Check in System Properties Leading to Local Information Disclosure in Android SoC (A-192535337) Missing Permission Check in sendAccessibilityEvent of NotificationManagerService.java Local Privilege Escalation via Confused Deputy in runTraceIpcStop of ActivityManagerShellCommand.java Out of Bounds Write Vulnerability in TouchInputMapper::sync of Android Parcel Serialization/Deserialization Mismatch in ParsedIntentInfo.java Allows Local Privilege Escalation Local Information Disclosure in getDefaultSmsPackage of RoleManagerService.java Improper Input Validation in Layout.java Leads to ANR Vulnerability Race condition vulnerability in lockNow function of PhoneWindowManager.java allows for lock screen bypass Out-of-bounds Read 
Vulnerability in RGB_to_BGR1_portable of SkSwizzler_opts.h Heap Buffer Overflow in ih264d_mark_err_slice_skip of ih264d_parse_pslice.c Potential Local Privilege Escalation in Android-11 SELinux Policy Unsafe PendingIntent in sendBroadcastToInstaller of FirstScreenBroadcast.java allows for local privilege escalation without additional execution privileges needed Unprotected Provider in HeapDumpProvider.java Allows Unauthorized Access to Heap Dumps Insufficient Background Restrictions Allow Background App to Regain Foreground Permissions in Android-11 (A-183147114) Possible Out of Bounds Read in get_sock_stat of xt_qtaguid.c with Use After Free Vulnerability Race condition vulnerability in dllist_remove_node in TBD allows for local privilege escalation without additional execution privileges. Race Condition Use After Free Vulnerability in PVRSRVRGXSubmitTransferKM of rgxtransfer.c Uninitialized Data Leak in PVRSRVBridgeHeapCfgHeapDetails Out of Bounds Write Vulnerability in Android Kernel (CVE-2021-XXXX) Integer Overflow Vulnerability in PVRSRVBridgeSyncPrimOpCreate of PowerVR Kernel Driver MediaStore Downgrade Vulnerability in RevertActiveSessions of apexd.cpp Possible Use After Free Vulnerability in SecondStageMain of init.cpp Account Information Disclosure Vulnerability in AccountManagerService Bypass of Background Service Restrictions in sanitizeSbn of NotificationManagerService.java Arbitrary App Component Disabling Vulnerability in PluginManagerImpl.java Use-after-free vulnerability in dma_buf_release in dma-buf.c allows local users to gain privileges via a crafted application. 
Possible Local Escalation of Privilege in runDumpHeap of ActivityManagerShellCommand.java Information Disclosure Vulnerability in Android Settings Allows Unauthorized App Detection Unauthenticated Local Information Disclosure in PackageManager Possible Bypass of User Interaction Requirements in AllowBindAppWidgetActivity.java leading to Local Privilege Escalation Content Provider Authority Collision Vulnerability in Android-12 (CVE-2021-197647956) Out-of-bounds Write Vulnerability in GetTimeStampAndPkt of DumpstateDevice.cpp Race Condition Vulnerability in RW_SetActivatedTagType of Android Integer Overflow Vulnerability in PVRSRVBridgePMRPDumpSymbolicAddr of PowerVR Kernel Driver Integer Overflow Vulnerability in PowerVR Kernel Driver Allows Local Privilege Escalation Integer Overflow Vulnerability in PowerVR Kernel Driver Allows Local Privilege Escalation Integer Overflow Vulnerability in PVRSRVBridgeDevicememHistorySparseChange Integer Overflow Vulnerability in PVRSRVBridgeChangeSparseMem of PowerVR Kernel Driver Integer Overflow Vulnerability in PVRSRVBridgePhysmemNewRamBackedLockedPMR Android SoC Vulnerability (A-273754094) Integer Overflow Vulnerability in PVRSRVBridgeServerSyncGetStatus of PowerVR Kernel Driver Integer Overflow Vulnerability in PVRSRVBridgeRGXTDMSubmitTransfer Integer Overflow Vulnerability in PowerVR Kernel Driver Allows Local Privilege Escalation Integer Overflow Vulnerability in PVRSRVBridgeRGXKickCDM of PowerVR Kernel Driver Integer Overflow Vulnerability in PVRSRVBridgeRGXKickSync of PowerVR Kernel Driver Integer Overflow Vulnerability in PVRSRVBridgeCacheOpQueue of PowerVR Kernel Driver Integer Overflow Vulnerability in PVRSRVBridgePhysmemImportSparseDmaBuf Integer Overflow Vulnerability in PowerVR Kernel Driver Allows Local Privilege Escalation Uninitialized Data Leak in PVRSRVBridgeHeapCfgHeapConfigName Silent Pairing Vulnerability in Android TV Allows Remote Code Execution PowerVR Driver Information Disclosure Vulnerability 
Possible Memory Corruption Vulnerability in apusys: Local Privilege Escalation without User Interaction Possible Out of Bounds Write Vulnerability in apusys Possible Out of Bounds Write Vulnerability in apusys Possible Out of Bounds Write Vulnerability in apusys Possible Out of Bounds Write Vulnerability in apusys Possible Memory Corruption Vulnerability in apusys: Local Privilege Escalation via Use After Free Possible Memory Corruption Vulnerability in apusys: Local Privilege Escalation without User Interaction Possible Out of Bounds Read Vulnerability in apusys Possible Memory Corruption Vulnerability in apusys Possible Out of Bounds Read Vulnerability in apusys Possible Out of Bounds Write Vulnerability in apusys Insecure Permission Setting in SRAMROM Allows Local Privilege Escalation Out-of-Bounds Write Vulnerability in gatt_process_notification of gatt_cl.cc Integer Overflow Vulnerability in getService of IServiceManager.cpp Race condition vulnerability in unix_scm_to_skb in af_unix.c allows local attackers to escalate privileges via a use-after-free bug. Improper Input Validation in ParsingPackageImpl.java Allows for Local Privilege Escalation Bypass of INTERACT_ACROSS_PROFILES Permission in PackageManagerService.java Missing Permission Check in createOrUpdate Method of Permission.java Allows for Local Escalation of Privilege in Android-12 Out of Bounds Read Vulnerability in xhci_vendor_get_ops of xhci.c Out of Bounds Read Vulnerability in rw_t4t_sm_detect_ndef of rw_t4t.cc Potential Local Privilege Escalation in NfcImportVCardActivity due to Missing Permission Check Possible Permission Bypass in requestChannelBrowsable of TvInputManagerService.java Parcel Serialization/Deserialization Mismatch in createFromParcel of OutputConfiguration.java Allows Local Privilege Escalation Use-after-free vulnerability in ion_dma_buf_end_cpu_access in ion.c allows local attackers to gain privileges via a crafted application. 
Out-of-Bounds Write Vulnerability in phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc Misleading Permission Dialog Vulnerability in BluetoothDevice.getAlias() Method Unsafe PendingIntent in showNotification of NavigationModeController.java allows for local escalation of privilege Improper Input Validation in CompanionDeviceActivity and DeviceChooserActivity Allows for Remote Privilege Escalation Possible Denial of Service Vulnerability in findAllDeAccounts of AccountsDb.java Out of Bounds Write Vulnerability in ip6_xmit of Android Kernel Possible Use After Free Vulnerability in acc_read of f_accessory.c in Android Kernel Uninitialized Data Vulnerability in memzero_explicit of compiler-clang.h Out-of-bounds Read Vulnerability in set_default_passthru_cfg of passthru.c Out of Bounds Write Vulnerability in Android Kernel Out-of-Bounds Read Vulnerability in bpf_skb_change_head of Android Kernel Kernel Vulnerability: Untrusted App Control of ui32PageIndex Offset via ioctl Out of Bounds Write Vulnerability in MMU_MapPages of TBD Heap Memory Overwrite Vulnerability in PMRCreate of PowerVR Kernel Driver Kernel Heap Data Leak in PVRSRVBridgePMRPDumpSymbolicAddr Kernel Heap Data Leak in PVRSRVBridgeTLDiscoverStreams Uninitialized Kernel Memory Disclosure in PowerVR Kernel Driver Arbitrary Code Execution via Integer Overflow in DevmemIntHeapAcquire Possible Permission Bypass and Local Information Disclosure in doCropPhoto of PhotoSelectionHandler.java Unsafe PendingIntent in setOnClickActivityIntent of SearchWidgetProvider.java allows unauthorized access to contacts and history bookmarks Tapjacking/Overlay Attack Vulnerability in ResolverActivity Race condition in pf_write_buf of FuseDaemon.cpp allows for local privilege escalation without additional execution privileges (Android-11) Out of Bounds Write Vulnerability in NfcTag::discoverTechnologies (activation) of NfcTag.cpp Bypassing Factory Reset Protections in NotificationStackScrollLayout of Android Potential Local Denial 
of Service Vulnerability in Android Possible bypass of memory restrictions in jit_memory_region.cc leading to local privilege escalation Uninitialized Data Vulnerability in xt_quota2.c Allows Local Information Disclosure Tapjacking/Overlay Attack Vulnerability in KeyChainActivity.java Heap Buffer Overflow in C2SoftMP3::process() of C2SoftMp3Dec.cpp Unauthenticated Bluetooth Pairing Vulnerability in Android Settings Uninitialized Memory Disclosure Vulnerability in BuildParcelFields of generate_cpp.cpp Out-of-bounds Write Vulnerability in vorbis_book_decodev_set of codebook.c Integer Overflow Vulnerability in osi_malloc and osi_calloc of allocator.cc Possible Denial of Service Vulnerability in AccessPoint.java Parcel Serialization/Deserialization Mismatch in GpsNavigationMessage.java Allows Local Privilege Escalation Out-of-bounds Write Vulnerability in MPEG4Source::read of MPEG4Extractor.cpp Improper Case Sensitivity Handling in isFileUri of UriUtil.java Allows Local Information Disclosure Side Channel Information Disclosure in USB Manager Allows Determination of Installed Apps Out of Bounds Read Vulnerability in toBARK of floor0.c Out-of-bounds Write Vulnerability in phNxpNHal_DtaUpdate of phNxpNciHal_dta.cc Side Channel Information Disclosure in getSerialForPackage of DeviceIdentifiersPolicyService.java Cross-User Package Leak in ShortcutService.java Allows for Local Information Disclosure Improper Input Validation in enqueueNotificationInternal Allows Privilege Escalation without User Interaction Potential Organization Name Disclosure in getOrganizationNameForUser of DevicePolicyManagerService.java Information Disclosure Vulnerability in createAdminSupportIntent of DevicePolicyManagerService.java Possible Permission Bypass and Privilege Escalation in onNullBinding of ManagedServices.java Potential Local Privilege Escalation in AlertReceiver.java Information Disclosure in hasGrantedPolicy of DevicePolicyManagerService.java Information Disclosure Vulnerability in 
getNeighboringCellInfo of PhoneInterfaceManager.java Information Disclosure Vulnerability in getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java Side Channel Information Disclosure in hasManageOngoingCallsPermission of TelecomServiceImpl.java Information Disclosure Vulnerability in getDeviceId of PhoneSubInfoController.java Possible Bluetooth MAC Address Leak in OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderController.java Tapjack Overlay Vulnerability in PaymentDefaultDialog.java Allows Unauthorized Default Payment App Change Possible Denial of Service Vulnerability in getOffsetBeforeAfter of TextLine.java Unauthenticated App Presence Disclosure in ConnectivityService.java Potential Information Disclosure Vulnerability in registerSuggestionConnectionStatusListener of WifiServiceImpl.java Out-of-bounds Read Vulnerability in nfaHciCallback of HciEventManager.cpp APN Disclosure Vulnerability in GnssNetworkConnectivityHandler Heap Buffer Overflow in ih264e_find_bskip_params() in Android-12 Unauthenticated A2DP Bluetooth Device Connection State Manipulation Vulnerability in Android Possible Permission Bypass in createBluetoothDeviceSlice of ConnectedDevicesSliceProvider.java Heap Buffer Overflow in PVInitVideoEncoder of mp4enc_api.cpp Out-of-Bounds Read Vulnerability in WT_Interpolate of eas_wtengine.c Unprivileged App Privilege Escalation via Confused Deputy in AudioService's adjustStreamVolume Unauthenticated App Presence Disclosure in Android-12's WifiServiceImpl.java Information Disclosure Vulnerability in getDeviceIdWithFeature of PhoneInterfaceManager.java Bluetooth MAC Address Information Disclosure Vulnerability in DatabaseManager.java Out of Bounds Read Vulnerability in btu_hcif_process_event of btu_hcif.cc Possible Denial of Service Vulnerability in SubscriptionController.addSubInfo Information Disclosure Vulnerability in setApplicationCategoryHint of PackageManagerService.java Missing Permission Check in 
getSigningKeySet of PackageManagerService.java Allows Local Information Disclosure Missing Permission Check in setPackageStoppedState of PackageManagerService.java Allows Local Information Disclosure Side Channel Information Disclosure in NotificationAccessDetails.java Allows Determining App Installation Status Side Channel Information Disclosure in checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of PermissionManagerService.java Information Disclosure Vulnerability in getNetworkTypeForSubscriber of PhoneInterfaceManager.java Information Disclosure Vulnerability in getMeidForSlot of PhoneInterfaceManager.java Possible USB Permission Granting Vulnerability in UsbPermissionActivity.java Missing Permission Check in AdapterService and GattService Definition in AndroidManifest.xml Allows for Bluetooth Connection Disabling and Local Privilege Escalation Side Channel Information Disclosure in adjustStreamVolume of AudioService.java Misleading User Consent Dialog in snoozeNotification of NotificationListenerService.java Allows Local Privilege Escalation Arbitrary User Notification Disabling Vulnerability in Android-12 (A-195111725) Arbitrary User Notification Disabling Vulnerability in Android-12 (A-195031703) Bluetooth Service Crash Vulnerability in btif_in_hf_client_generic_evt of btif_hf_client.cc Side Channel Information Disclosure in RequestIgnoreBatteryOptimizations.java Allows Unprivileged App Detection Possible Intent Redirection Vulnerability in EventResultPersister.java Unauthenticated App Presence Disclosure in WallpaperManagerService Side Channel Information Disclosure in startRanging of RttServiceImpl.java Allows App Installation Detection without Permissions Arbitrary Code Execution Vulnerability in SurfaceFlinger's setTransactionState Out of Bounds Write Vulnerability in setClientStateLocked of SurfaceFlinger.cpp Out of Bounds Write Vulnerability in setClientStateLocked of SurfaceFlinger.cpp Side Channel Information Disclosure in 
setNotificationsShownFromListener of NotificationManagerService.java Side Channel Information Disclosure in cancelNotificationsFromListener of NotificationManagerService.java Information Disclosure Vulnerability in PackageManagerService.getMimeGroup Possible Permission Bypass in createGeneralSlice of ConnectedDevicesSliceProvider.java Missing Permission Check in getLine1NumberForDisplay of PhoneInterfaceManager.java Allows App Installation Detection and Local Information Disclosure Arbitrary Broadcast Receiver Invocation Vulnerability in BluetoothDevicePickerPreferenceController Possible EoP Vulnerability in LocationSettingsActivity of AndroidManifest.xml Unauthenticated Device Pairing Broadcast Vulnerability Possible DoS Vulnerability in UserDetailsActivity of AndroidManifest.xml Tapjacking/Overlay Attack Vulnerability in NotificationAccessActivity Possible EoP Vulnerability in Bluetooth Pairing Selection Fragment Possible Out of Bounds Read Vulnerability in Android Kernel Use-after-free vulnerability in dsi_panel_debugfs_read_cmdset of dsi_panel.c allows local information disclosure Possible Downgrade Attack Exploiting Underutilized Anti-Rollback Protections in Android Kernel Out-of-bounds Write Vulnerability in eicOpsDecryptAes128Gcm of acropora/app/identity/identity_support.c Android Kernel Vulnerability: A-195580473 Out-of-bounds Read Vulnerability in lwis_dpm_update_clock of lwis_device_dpm.c Out-of-Bounds Read Vulnerability in cm_access_control.c Use After Free Vulnerability in Android Kernel's ep_loop_check_proc Function Android SoC Vulnerability: A-204256722 Out of Bounds Write Vulnerability in PowerVR Kernel Driver Allows Local Privilege Escalation Elevated Privileges Vulnerability in NVIDIA GPU Display Driver for Windows NVIDIA GPU Display Driver Privilege Escalation Vulnerability Improper Validation of User Pointer in NVIDIA GPU Display Driver for Windows and Linux Leads to Denial of Service NVIDIA GPU Display Driver for Windows Denial of Service 
Vulnerability NVIDIA GPU Display Driver for Windows: Kernel Mode Access Control Vulnerability NVIDIA GPU Display Driver for Linux Kernel Mode Layer Vulnerability Unauthorized Resource Allocation Vulnerability in NVIDIA Virtual GPU Manager NVIDIA vGPU Software Input Data Size Validation Vulnerability NVIDIA vGPU Manager Integer Overflow Vulnerability NVIDIA vGPU Software Input Index Validation Vulnerability Race Condition Vulnerability in NVIDIA vGPU Manager Plugin Unvalidated Input Length Vulnerability in NVIDIA vGPU Manager Plugin NVIDIA vGPU Manager Input Offset Validation Vulnerability NVIDIA vGPU Manager vulnerability: Untrusted Source Pointer Dereference NVIDIA vGPU Manager Plugin Input Data Validation Vulnerability NVIDIA vGPU Manager Input Data Validation Vulnerability Vulnerability in NVIDIA SHIELD TV RPMB Command Status Implementation Memory Boundary Overflow Vulnerability in NVIDIA SHIELD TV (Versions Prior to 8.2.2) Null Pointer Reference Vulnerability in NVIDIA SHIELD TV (Versions Prior to 8.2.2) Improper Access Control in NVIDIA Jetson Devices: Denial of Service Vulnerability Unauthorized Access to System Power Usage Data in NVIDIA Tegra Kernel Arbitrary File Deletion Vulnerability in NVIDIA GeForce Experience GameStream (rxdiag.dll) NVIDIA GeForce Experience Browser Login Vulnerability Vulnerability: Local Privilege Escalation via NVIDIA GPU Display Driver Installer NVIDIA Windows GPU Display Driver Kernel Mode Vulnerability Improper Access Control in NVIDIA GPU Display Driver for Windows and Linux Denial of Service Vulnerability in NVIDIA GPU Display Driver for Windows and Linux (R450 and R460) Critical Vulnerability in NVIDIA Windows GPU Display Driver: System Crash via NULL Pointer Dereference Vulnerability in NVIDIA GeForce Experience GameStream Plugins Allows Code Execution and Local Privilege Escalation NVIDIA vGPU Software Input Validation Vulnerability NVIDIA vGPU Software Input Length Validation Vulnerability NVIDIA vGPU Software Input Length 
Validation Vulnerability NVIDIA vGPU Software Input Length Validation Vulnerability NVIDIA vGPU Driver Input Length Validation Vulnerability NVIDIA vGPU Driver Vulnerability: Memory Manipulation and Privilege Escalation Unauthorized Resource Control Vulnerability in NVIDIA vGPU Driver NVIDIA vGPU Driver ASLR Bypass Vulnerability Vulnerability in NVIDIA GPU and Tegra Hardware Allows Unauthorized Debug Access and Information Disclosure Uncontrolled DLL Loading Path Vulnerability in NVIDIA GPU Display Driver for Windows Buffer Overflow Vulnerability in NVIDIA GPU Display Driver for Windows and Linux NVIDIA GPU Display Driver for Windows Privilege Escalation Vulnerability NVIDIA GPU Display Driver for Windows: Privilege Escalation via Symbolic Link Attack NVIDIA GPU Display Driver Firmware Vulnerability: Denial of Service and System Crash Out of Bounds Array Access Vulnerability in NVIDIA GPU Display Driver for Windows and Linux NVIDIA GPU Display Driver Kernel Mode Vulnerability NVIDIA Windows GPU Display Driver Vulnerability: NULL Pointer Dereference in DxgkDdiEscape Handler NVIDIA vGPU Software Length Validation Vulnerability Resource Leakage Vulnerability in NVIDIA vGPU Software Stack-based Buffer Overflow in NVIDIA vGPU Software NVIDIA vGPU Software Kernel Mode Driver Pointer Validation Vulnerability NVIDIA vGPU Software Null Pointer Dereference Vulnerability NVIDIA vGPU Software Denial of Service Vulnerability NVIDIA vGPU Software Denial of Service Vulnerability Unspecified Initial State of MTVEC Register in RISC-V Instruction Set Manual: A Potential Vulnerability for Information Disclosure and Data Tampering Vulnerability in NVIDIA GPU and Tegra Hardware Allows Unauthorized Access to Debug Registers Critical Privilege Escalation and Data Tampering Vulnerability in NVIDIA Linux Kernel Distributions NVIDIA Linux Kernel Vulnerability: Code Execution, Denial of Service, and System Integrity Compromise in nvmap NVMAP_IOC_WRITE* Paths Critical Vulnerability in NVIDIA 
Linux Kernel Distributions: FuSa Capture (VI/ISP) Integer Underflow Timing-Related Vulnerability in NVIDIA Camera Firmware: Potential Data Integrity Loss and Denial of Service Critical Vulnerability in NVIDIA Jetson Xavier Camera Firmware Allows Denial of Service and Data Corruption USB-triggered Buffer Overflow Vulnerability in NV3P Bootloader NVIDIA Linux Kernel nvmap Vulnerability: Complete Denial of Service Exploit Critical Vulnerability in NVIDIA Camera Firmware Allows Unauthorized Modification and Denial of Service Critical Vulnerability in NVIDIA Linux Kernel Distributions: Complete Denial of Service Exploit NVIDIA GPU Display Driver for Windows: Local Privilege Escalation via NULL Pointer Dereference NVIDIA GPU Display Driver for Windows Kernel Mode NULL Pointer Dereference Vulnerability Windows Kernel Mode Vulnerability: Denial of Service via DxgkDdiEscape in nvlddmkm.sys Privilege Escalation and Denial of Service Vulnerability in NVIDIA vGPU Software Double-Free Pointer Vulnerability in NVIDIA vGPU Software NVIDIA vGPU Software Virtual GPU Manager Null Termination Vulnerability Resource Starvation Vulnerability in NVIDIA vGPU Software NVIDIA vGPU Software Vulnerability: Denial of Service via NULL Pointer Dereference NVIDIA vGPU Software Denial of Service Vulnerability Vulnerability in NVIDIA GPU and Tegra Hardware Allows Privilege Escalation and Program Data Corruption Clear-text Storage of Proxy Server Credentials in Cisco Firepower Management Center (FMC) Cross-Site Scripting (XSS) Vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) Web Interface Insufficient Privilege Restriction in Cisco IOS XR Software CLI Parser Unauthenticated Information Disclosure Vulnerability in Cisco Email Security Appliance, Content Security Management Appliance, and Web Security Appliance Cisco DNA Center Software: Cross-Site Scripting (XSS) Vulnerability in Web-Based Management Interface Cisco Video Surveillance 8000 Series IP Cameras Reload Vulnerability 
Unauthorized Access and Data Manipulation in Cisco Data Center Network Manager (DCNM) REST API Incomplete Validation of X.509 Certificate in Cisco DNA Center Software Integration with Cisco ISE: Unauthorized Access to Sensitive Data Unauthorized Access and Data Manipulation in Cisco Data Center Network Manager (DCNM) REST API Vulnerability: Execution of Unsigned Code during Boot Process in Cisco NCS 540 Series Routers Cisco SD-WAN vManage Software Multiple Vulnerabilities Arbitrary Command Execution Vulnerabilities in Cisco Smart Software Manager Satellite Arbitrary Command Execution Vulnerabilities in Cisco Smart Software Manager Satellite Web UI Arbitrary Command Execution Vulnerabilities in Cisco Smart Software Manager Satellite Arbitrary Command Execution Vulnerabilities in Cisco Smart Software Manager Satellite Arbitrary Command Execution Vulnerabilities in Cisco Smart Software Manager Satellite Cisco CMX API Authorization Bypass Vulnerability Password Alteration Vulnerability in Cisco Connected Mobile Experiences (CMX) Vulnerability: Insecure Handling of Symbolic Links in Cisco StarOS SFTP Arbitrary Command Injection Vulnerabilities in Cisco Small Business RV Routers Arbitrary Command Injection Vulnerabilities in Cisco Small Business RV Routers Arbitrary Command Injection Vulnerabilities in Cisco Small Business RV Routers Arbitrary Command Injection Vulnerabilities in Cisco Small Business RV Routers Arbitrary Command Injection Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting 
(XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, 
RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco 
Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service 
Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code 
Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Cisco Smart Software Manager Satellite Web Management Interface URL Redirection Vulnerability Insufficient Protection of Static Credentials in Cisco Smart Software Manager Satellite Denial of Service Vulnerabilities in Cisco IOS XE Software Web UI Injection of Hyperlink in Cisco Webex Meetings Invitation Emails SQL Injection Vulnerability in Cisco Smart Software Manager Satellite Cisco Snort Detection Engine HTTP Range Header Bypass Vulnerability Cisco Products Vulnerable to TCP Fast Open (TFO) Bypass for HTTP File Policy SQL Injection Vulnerabilities in Cisco SD-WAN vManage Software Clear text storage of sensitive credentials in Cisco Unified Communications Manager and related services Cross-Site Request Forgery (CSRF) Vulnerability in Cisco NX-OS Software's NX-API Feature Vulnerability: Unauthorized Server Connection in Cisco Nexus 9000 Series Fabric Switches Cisco NX-OS Software ICMPv6 Memory Leak Vulnerability Denial of Service Vulnerability in Cisco Nexus 9000 Series Fabric Switches Vulnerability: Unauthenticated Adjacent Attackers Can Disable Switching on Nexus 9000 Series Fabric Switches in ACI Mode via LLDP Cisco SD-WAN Software CLI Local Information Disclosure Vulnerability Unauthorized Access to Sensitive Database Files in Cisco SD-WAN vManage Software Vulnerability in Snort Application Detection Engine Allows Bypass of Configured Policies Arbitrary Code Execution Vulnerability in Cisco AnyConnect Secure Mobility Client for Windows Stored Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Web Interface Stored Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Web Interface DLL Loading Vulnerability in Cisco Proximity Desktop for Windows Cisco SD-WAN Products Denial of Service Vulnerabilities File Name Manipulation Vulnerability in Cisco Webex Teams LPTS Programming 
Vulnerability in SNMP with Management Plane Protection in Cisco IOS XR Software Vulnerability: Execution of Unsigned Code during Boot Process in Cisco NCS 540 Series Routers Cross-Site Scripting and Authentication Bypass Vulnerabilities in Cisco Finesse Web Management Interface Cross-Site Scripting and Authentication Bypass Vulnerabilities in Cisco Finesse Web Management Interface Arbitrary SQL Command Execution Vulnerability in Cisco Data Center Network Manager (DCNM) REST API Endpoints Arbitrary SQL Command Execution Vulnerability in Cisco Data Center Network Manager (DCNM) REST API Endpoints Multiple Cross-Site Scripting and Reflected File Download Vulnerabilities in Cisco Data Center Network Manager Multiple Cross-Site Scripting and Reflected File Download Vulnerabilities in Cisco Data Center Network Manager Vulnerabilities in Cisco Small Business RV Series Routers' LLDP Implementation Denial of Service Vulnerability in ClamAV's Excel XLM Macro Parsing Module Multiple Cross-Site Scripting and Reflected File Download Vulnerabilities in Cisco Data Center Network Manager Cross-Site Scripting (XSS) Vulnerabilities in Cisco Finesse Web-Based Management Interface Unauthorized Access and Data Manipulation in Cisco Data Center Network Manager (DCNM) REST API Cisco Firepower Threat Defense (FTD) Software CLI Directory Traversal Vulnerability Cisco DNA Center Software Vulnerability: Unauthenticated Remote Attackers Can Manipulate Authenticated Users via CSRF Insufficient File Permission Restrictions in Cisco AnyConnect Secure Mobility Client Upgrade Component Path Traversal Vulnerability in Cisco SD-WAN vManage Software Allows Unauthorized File Write Access Command Injection Vulnerabilities in Cisco SD-WAN Products Command Injection Vulnerabilities in Cisco SD-WAN Products Command Injection Vulnerabilities in Cisco SD-WAN Products Command Injection Vulnerabilities in Cisco SD-WAN Products Command Injection Vulnerability in Cisco DNA Center's Command Runner 
Tool Cisco DNA Center Configuration Archive Vulnerability: Unauthorized Access to Running Configurations Cisco Managed Services Accelerator (MSX) REST API Denial of Service Vulnerability XML Entity Denial of Service Vulnerability in Cisco Firepower Management Center (FMC) Software Cisco IOS XR Software IPv6 Flood Vulnerability Authentication Bypass and Unauthorized Data Manipulation in Cisco Data Center Network Manager (DCNM) Authentication Bypass and Unauthorized Data Access in Cisco Data Center Network Manager (DCNM) Stored XSS Vulnerability in Cisco AsyncOS for Cisco Web Security Appliance (WSA) Web Management Interface Session Validation Bypass and SSRF Vulnerability in Cisco Data Center Network Manager Cisco SD-WAN Products Denial of Service Vulnerabilities Cisco SD-WAN Products Denial of Service Vulnerabilities Multiple Critical Vulnerabilities in Cisco SD-WAN vManage Software Insufficient Certificate Validation Vulnerabilities in Cisco Data Center Network Manager (DCNM) Insufficient Certificate Validation Vulnerabilities in Cisco Data Center Network Manager (DCNM) Cisco SD-WAN Products Denial of Service Vulnerabilities Cisco SD-WAN Products Denial of Service Vulnerabilities DLL Hijacking Vulnerability in Cisco Advanced Malware Protection (AMP) and Immunet for Windows Root-level Access Vulnerability in Cisco IOS XE SD-WAN Software Path Traversal and SQL Injection Vulnerabilities in Cisco Unified Communications Manager IM & Presence Service Cisco Data Center Network Manager (DCNM) Log File Information Disclosure Vulnerability Unauthenticated Access and Configuration Modification Vulnerability in Cisco SD-WAN vManage Software Vulnerabilities in Cisco Data Center Network Manager (DCNM) Web Interface: XSS and RFD Attacks Arbitrary Code Execution and Denial of Service Vulnerability in Cisco RV132W and RV134W Routers Denial of Service Vulnerabilities in Cisco IOS XR Software Ingress Packet Processing Function Arbitrary Code Execution Vulnerabilities in Cisco Small 
Business VPN Routers Arbitrary Code Execution Vulnerabilities in Cisco Small Business VPN Routers Arbitrary Code Execution Vulnerabilities in Cisco Small Business VPN Routers Arbitrary Code Execution Vulnerabilities in Cisco Small Business VPN Routers Arbitrary Code Execution Vulnerabilities in Cisco Small Business VPN Routers Arbitrary Code Execution Vulnerabilities in Cisco Small Business VPN Routers Arbitrary Code Execution Vulnerabilities in Cisco Small Business VPN Routers Directory Traversal and File Overwrite Vulnerabilities in Cisco Small Business VPN Routers Directory Traversal and File Overwrite Vulnerabilities in Cisco Small Business VPN Routers Command Injection Vulnerabilities in Cisco SD-WAN Products Command Injection Vulnerabilities in Cisco SD-WAN Products Cisco SD-WAN Products Multiple Remote Execution Vulnerabilities Cisco SD-WAN Products Multiple Remote Execution Vulnerabilities Cisco SD-WAN vManage Software: Multiple Authorization Bypass and Information Disclosure Vulnerabilities Improper Enforcement of User Roles in Cisco DNA Center Allows Unauthorized Command Execution Cisco SD-WAN vManage Software: Multiple Authorization Bypass and Information Disclosure Vulnerabilities Cisco SD-WAN vManage Software: Multiple Authorization Bypass and Information Disclosure Vulnerabilities Arbitrary File Write Vulnerability in Cisco EPN Manager, ISE, and Prime Infrastructure Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Vulnerabilities in Cisco Small Business RV Series Routers' LLDP Implementation Vulnerabilities in Cisco Small Business RV Series Routers' LLDP Implementation Cisco Webex Meetings Open Redirect Vulnerability Vulnerability: Host Role Takeover in Cisco Webex Meetings and Webex Meetings Server Denial of Service (DoS) Vulnerability in Cisco Elastic Services Controller (ESC) Health Monitor API Denial of Service Vulnerabilities in Cisco IOS XR Software Ingress 
Packet Processing Function Arbitrary Command Injection Vulnerabilities in Cisco Small Business Routers Arbitrary Command Injection Vulnerabilities in Cisco Small Business Routers Arbitrary Command Injection Vulnerabilities in Cisco Small Business Routers Arbitrary Command Injection Vulnerabilities in Cisco Small Business Routers Arbitrary Command Injection Vulnerabilities in Cisco Small Business Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote 
Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small 
Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cisco SD-WAN vManage Software Vulnerability: Cypher Query Language Injection via Web-based Management Interface Insufficient Rate Limiting Controls in Cisco Umbrella Web UI Cross-Site Scripting (XSS) Vulnerability in Cisco Webex Meetings Web Interface Cisco IOS XE Software DECnet Protocol Processing Denial of Service Vulnerability Cisco StarOS IPv4 Protocol Handling Memory Leak Vulnerability Vulnerability: Rogue Cisco UCSM Registration in Cisco UCS Central Software Path Traversal and SQL Injection Vulnerabilities in Cisco Unified Communications Manager IM & Presence Service Denial of Service Vulnerabilities in Cisco IOS XE Software Web UI Path Traversal and SQL Injection Vulnerabilities in Cisco Unified Communications Manager IM & Presence Service Cisco Finesse Web Interface Open Redirect Vulnerability Command Injection and Privilege Escalation in Cisco AsyncOS for Cisco Web Security Appliance Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Vulnerability: Arbitrary File Manipulation with Root Privileges on Cisco Nexus Switches Arbitrary Code Execution Vulnerability in Cisco Unified Communications Manager and Related Services SQL Injection Vulnerabilities in Cisco Unified Communications Manager IM & Presence Service Path Traversal and SQL Injection Vulnerabilities in Cisco 
Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities in Cisco Unified Communications Manager IM & Presence Service DLL Hijacking Vulnerability in Cisco AnyConnect Secure Mobility Client for Windows Insufficient Input Validation in Cisco NX-OS Software PIM Feature Leads to Denial of Service Vulnerability Vulnerability in Cisco UDLD Feature Allows Arbitrary Code Execution and DoS XML External Entity (XXE) Vulnerability in Cisco Firepower Device Manager (FDM) On-Box Software Privilege Escalation Vulnerability in Cisco IOS XR Software for Cisco 8000 Series Routers and NCS 540 Series Routers Privilege Escalation Vulnerability in Cisco IOS XE SD-WAN Software Shared Memory Information Disclosure Vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows Denial of Service Vulnerability in Cisco Catalyst 9000 Family Wireless Controllers Cross-Site Scripting (XSS) Vulnerability in Cisco IOS XE Wireless Controller Software for Catalyst 9000 Family Switches Vulnerabilities in Fast Reload Feature of Cisco IOS XE Software on Catalyst Switches Multiple Vulnerabilities in Fast Reload Feature of Cisco IOS XE Software on Cisco Catalyst Switches ARP Mismanagement Vulnerability in Cisco IOS and IOS XE Software Cisco StarOS SSH Service Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Cisco Unified Communications Manager and Unity Connection Unauthorized Debugging Console Access Vulnerability in Cisco IOS XE Software Arbitrary Command Injection Vulnerability in Cisco IOS XE SD-WAN Software Privilege Escalation in Cisco IOS XE SD-WAN Software CLI Command Injection Vulnerability in Cisco IOx Application Hosting Environment Cisco IOx Application Hosting Environment Directory Traversal Vulnerability DLL Hijacking Vulnerability in Cisco AMP for Endpoints Windows Connector, ClamAV for Windows, and Immunet Denial of Service Vulnerability in Cisco NX-OS Software Network Stack Authentication Bypass 
Vulnerability in Cisco ACI Multi-Site Orchestrator (MSO) API Endpoint IPv6 ACL Bypass Vulnerability in Cisco IOS XR and NX-OS Software Cisco IOS XE Software Local Privilege Escalation Vulnerability Privilege Escalation Vulnerability in Cisco IOS XE Software's Dragonite Debugger Cisco IOS and IOS XE Software CLI Command Permissions Vulnerability Privilege Escalation and Information Disclosure Vulnerabilities in Cisco Application Services Engine Denial of Service Vulnerability in Cisco IOS XE Software for Cisco NCS 520 Routers Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Intelligence Center Web Interface Privilege Escalation and Information Disclosure Vulnerabilities in Cisco Application Services Engine Cisco IMC Software Open Redirect Vulnerability Vulnerability in Cisco IOS XE Software Allows Arbitrary Code Execution at Boot Time Insufficient Validation of User-Supplied Data in Cisco Unified Communications Manager Self Care Portal Cisco Small Business Wireless Access Points: Multiple Vulnerabilities in Web Management Interface Cisco Small Business Wireless Access Points: Multiple Vulnerabilities in Web Management Interface Denial of Service Vulnerability in Cisco Firepower Threat Defense (FTD) Software Cisco IOS XE Software Web UI Cross-Site WebSocket Hijacking Vulnerability ClamAV PDF Parsing Module Denial of Service Vulnerability Denial of Service Vulnerability in ClamAV Email Parsing Module Improper Inclusion of Sensitive Information in Downloadable Files Vulnerability in Cisco Unified Communications Manager Cross-Site Scripting (XSS) Vulnerabilities in Cisco Unified Communications Manager and Unity Connection Cross-Site Scripting (XSS) Vulnerabilities in Cisco Unified Communications Manager and Unity Connection Cross-Site Scripting (XSS) Vulnerabilities in Cisco Unified Communications Manager and Unity Connection Multiple Critical Vulnerabilities in Cisco Jabber Software Improper Privilege Enforcement in Cisco Identity Services Engine (ISE) Admin 
Portal Allows Information Disclosure Arbitrary Code Execution Vulnerabilities in Cisco RV340, RV340W, RV345, and RV345P Routers Arbitrary Code Execution Vulnerabilities in Cisco RV340, RV340W, RV345, and RV345P Routers Arbitrary Code Execution Vulnerabilities in Cisco RV340, RV340W, RV345, and RV345P Routers Improper Privilege Enforcement in Cisco Identity Services Engine (ISE) Admin Portal Allows Information Disclosure Multiple Critical Vulnerabilities in Cisco Jabber Software Multiple Critical Vulnerabilities in Cisco Jabber Software Privilege Escalation via SSH Management in Cisco Access Points Remote Code Execution Vulnerability in Cisco Webex Meetings Command Injection Vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) Cisco ASA and FTD Software Cryptography Module Denial of Service Vulnerability Cisco Aironet Access Points (AP) Local File Overwrite Vulnerability Vulnerabilities in Cisco AnyConnect Secure Mobility Client for Windows Allow Local Privilege Escalation Vulnerabilities in Cisco AnyConnect Secure Mobility Client for Windows Allow Local Privilege Escalation Vulnerabilities in Cisco AnyConnect Secure Mobility Client for Windows Allow Local Privilege Escalation Vulnerabilities in Cisco AnyConnect Secure Mobility Client for Windows Allow Local Privilege Escalation Vulnerabilities in Cisco AnyConnect Secure Mobility Client for Windows Allow Local Privilege Escalation Cisco IOS XE SD-WAN Software vDaemon Process Denial of Service Vulnerability Arbitrary Command Execution Vulnerability in Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability in Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability in Cisco IOS XE SD-WAN Software Arbitrary Command Injection Vulnerability in Cisco IOS XE Software Path Traversal Vulnerability in Cisco IOS XE SD-WAN Software Allows Unauthorized File Access Unrestricted TFTP Configuration Vulnerability in Cisco Aironet Series Access Points Software Cisco WAAS Software Local File Disclosure 
Vulnerability Denial of Service Vulnerability in Cisco Aironet Series Access Points Software Vulnerability in Hardware Initialization Routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers Allows Execution of Unsigned Code at System Boot Time Privilege Escalation Vulnerability in Cisco IOS XE Software Arbitrary Code Execution with Root Privileges in Cisco IOS XE Software Web UI Denial of Service Vulnerabilities in Cisco ASA and FTD Software DNS Application Layer Gateway Vulnerability in Cisco IOS XE Software Privilege Escalation Vulnerability in Cisco AsyncOS for Cisco Content Security Management Appliance Command Injection Vulnerability in Cisco Firepower Threat Defense (FTD) Software Unsigned Code Execution Vulnerability in Cisco Access Points Software Denial of Service Vulnerability in Cisco AnyConnect Secure Mobility Client IPC Channel Buffer Overflow Vulnerability in Easy Virtual Switching System (VSS) Feature of Cisco Catalyst Switches Unsigned Code Execution Vulnerability in Cisco Catalyst IE and Embedded Services Switches Cisco Catalyst 9000 Family Switches: Unsigned Code Execution at System Boot Time Vulnerability Privilege Escalation in Cisco IOS XE SD-WAN Software CLI Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Software Arbitrary Code Execution Vulnerability in Cisco Small Business RV Series Routers Cisco IOx Application Framework Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Intelligence Center Software Improper Authorization Checks in Cisco Webex Meetings for Android Allow Remote Avatar Modification Multiple 
Critical Vulnerabilities in Cisco SD-WAN vManage Software Multiple Critical Vulnerabilities in Cisco Jabber Software Multiple Critical Vulnerabilities in Cisco Jabber Software Multiple Remote Code Execution and Authentication Bypass Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Authentication Bypass Vulnerabilities in Cisco Small Business RV Series Routers Formula and Link Injection Vulnerabilities in Cisco Umbrella Admin Audit Log Export and Scheduled Reports Features Formula and Link Injection Vulnerabilities in Cisco Umbrella Admin Audit Log Export and Scheduled Reports Features Arbitrary Command Execution Vulnerability in Cisco ASA and FTD Software Insufficient Access Control in Cisco Firepower Management Center Software Allows Unauthorized Service Access Unsecured TCP/IP Port Vulnerability in Cisco Unified Communications Manager and Session Management Edition Cisco SD-WAN vManage Software Multiple Vulnerabilities Cisco SD-WAN vManage Software Multiple Vulnerabilities Arbitrary Command Injection Vulnerability in Cisco IOS XR Software Cisco SD-WAN vManage Software User Account Enumeration Vulnerability Arbitrary Command Execution Vulnerability in Cisco Prime Infrastructure and EPN Manager Command Injection Vulnerability in Cisco ASA and FTD Software Upgrade Process Insufficient Filesystem Resource Management Vulnerability in Cisco Firepower Device Manager (FDM) Software Cross-Site Scripting (XSS) Vulnerability in Cisco Web Security Appliance (WSA) Web Interface Arbitrary File Write Vulnerability in Duo Authentication Proxy Installer Buffer Overflow Vulnerability in Cisco ASA and FTD Software Cisco Snort Detection Engine HTTP Header Bypass Vulnerability Vulnerabilities in Cisco AnyConnect Secure Mobility Client for Windows Allow Local Privilege Escalation Command Injection Vulnerabilities in Cisco HyperFlex HX Web Management Interface Command Injection Vulnerabilities in Cisco HyperFlex HX Web Management 
Interface Unauthenticated File Upload Vulnerability in Cisco HyperFlex HX Data Platform Open Redirect Vulnerability in Cisco Webex Video Mesh Cisco ASA and FTD Software SIP Inspection Engine Crash Vulnerability Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerabilities in Cisco ASA and FTD Software Multiple Critical Vulnerabilities in Cisco SD-WAN vManage Software Multiple Critical Vulnerabilities in Cisco SD-WAN vManage Software Stored Cross-Site Scripting (XSS) Vulnerability in Cisco SD-WAN vManage Software API Multiple Critical Vulnerabilities in Cisco SD-WAN vManage Software Arbitrary Code Execution and DoS Vulnerabilities in Cisco SD-WAN vEdge Software Arbitrary Code Execution and DoS Vulnerabilities in Cisco SD-WAN vEdge Software Arbitrary Code Execution and DoS Vulnerabilities in Cisco SD-WAN vEdge Software Arbitrary File Overwrite Vulnerability in Cisco SD-WAN Software Cisco SD-WAN Software vDaemon Process Denial of Service Vulnerability Arbitrary Command Injection Vulnerability in Cisco SD-WAN Software Improper Access Controls in Cisco SD-WAN vManage Software: Unauthorized Access to Sensitive Information Confidential Information Exposure Vulnerability in Cisco Content Security Management Appliance, Email Security Appliance, and Web Security Appliance Security Bypass Vulnerability in Cisco Webex Meetings Multimedia Viewer Feature Arbitrary Code Execution Vulnerability in Cisco Firepower Device Manager (FDM) REST API Vulnerability: Local Privilege Escalation in Cisco AnyConnect Secure Mobility Client Software Arbitrary Command Execution Vulnerability in Cisco RV340, RV340W, RV345, and RV345P Routers Cisco Video Surveillance 8000 Series IP Cameras Reload Vulnerability Incomplete Password Policy Check in Cisco CMX Change Password API Cisco Nexus 9000 Series Fabric Switches ACI Mode 
Queue Wedge Vulnerability Denial of Service Vulnerability in Cisco Meeting Server API Remote File Inclusion Vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server Arbitrary Code Execution Vulnerability in Cisco Webex Player for Windows and MacOS Memory State Information Disclosure Vulnerability in Cisco Webex Player for Windows and MacOS Privilege Escalation Vulnerability in Cisco SD-WAN Software Arbitrary Command Execution Vulnerability in Cisco IOS XE SD-WAN Software Cisco BroadWorks Messaging Server Software XXE Vulnerability Arbitrary Command Execution Vulnerability in Cisco Modeling Labs Web UI Arbitrary File Reading Vulnerability in Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software Bypassing URL Reputation Filters in Cisco Email Security Appliance Unauthenticated Remote Access to Sensitive Information in Cisco SD-WAN vManage Software Cluster Management Interface DLL Injection Vulnerability in Cisco Webex Applications for Windows Sensitive Information Exposure Vulnerability in Cisco ThousandEyes Recorder Installer Arbitrary Code Execution Vulnerability in Cisco Common Services Platform Collector (CSPC) Configuration Dashboard Authorization Bypass Vulnerabilities in Cisco ASR 5000 Series Software (StarOS) Authorization Bypass Vulnerabilities in Cisco ASR 5000 Series Software (StarOS) Multiple Vulnerabilities in Cisco Small Business 220 Series Smart Switches Web Management Interface Multiple Vulnerabilities in Cisco Small Business 220 Series Smart Switches Web Management Interface Multiple Vulnerabilities in Cisco Small Business 220 Series Smart Switches Web Management Interface Unsafe Logging Vulnerability in Cisco Webex Meetings Client Software Information Disclosure Vulnerability in Cisco SD-WAN Software CLI Command Injection Vulnerabilities in Cisco Small Business Wireless Access Points Command Injection Vulnerabilities in Cisco Small Business Wireless Access Points Command Injection Vulnerabilities in Cisco Small 
Business Wireless Access Points Command Injection Vulnerabilities in Cisco Small Business Wireless Access Points Command Injection Vulnerabilities in Cisco Small Business Wireless Access Points Command Injection Vulnerabilities in Cisco Small Business Wireless Access Points Command Injection Vulnerabilities in Cisco Small Business Wireless Access Points Command Injection Vulnerabilities in Cisco Small Business Wireless Access Points Command Injection Vulnerabilities in Cisco Small Business Wireless Access Points Privilege Escalation and Arbitrary Command Execution in Cisco DNA Spaces Connector Privilege Escalation and Arbitrary Command Execution in Cisco DNA Spaces Connector Command Injection Vulnerabilities in Cisco DNA Spaces Connector Command Injection Vulnerabilities in Cisco DNA Spaces Connector Unauthorized Access and Modification Vulnerability in Cisco Secure Email and Web Manager Unauthorized Access Vulnerability in Cisco BroadWorks Application Server Memory Leak Vulnerabilities in Cisco Video Surveillance 7000 Series IP Cameras Memory Leak Vulnerabilities in Cisco Video Surveillance 7000 Series IP Cameras Denial of Service Vulnerabilities in Cisco Catalyst 9000 Family Wireless Controllers Improper Certificate Validation in Cisco AMP Integration: Man-in-the-Middle Attack Vulnerability DLL Hijacking Vulnerability in Cisco AnyConnect Secure Mobility Client for Windows Denial of Service Vulnerability in Cisco AnyConnect Secure Mobility Client for Windows Multiple Vulnerabilities in Cisco Jabber: Information Disclosure and DoS Multiple Vulnerabilities in Cisco Jabber: Information Disclosure and DoS Multiple Vulnerabilities in Cisco Small Business 220 Series Smart Switches Web Management Interface Privilege Escalation Vulnerability in ConfD Denial of Service Vulnerability in Cisco ASA and FTD Software via Malicious HTTPS Requests Privilege Escalation Vulnerabilities in Cisco Business Process Automation (BPA) Web Interface Cross-Site Scripting (XSS) Vulnerability 
in Cisco Virtualized Voice Browser Web Interface Privilege Escalation Vulnerabilities in Cisco Business Process Automation (BPA) Web Interface Improper Access Control in Cisco APIC and Cloud APIC API Endpoint Allows Arbitrary File Read/Write Privilege Escalation Vulnerability in Cisco APIC and Cloud APIC Insufficient Role-Based Access Control in Cisco APIC and Cloud APIC Allows Privilege Escalation Command Injection and File Upload Vulnerabilities in Cisco APIC and Cloud APIC Command Injection and File Upload Vulnerabilities in Cisco APIC and Cloud APIC Stored Cross-Site Scripting Vulnerability in Cisco APIC Web UI Fabric Infrastructure File System Access Control Vulnerability in Cisco Nexus 9000 Series Fabric Switches Privilege Escalation Vulnerability in Cisco Nexus 9000 Series Fabric Switches Remote Code Execution Vulnerability in Cisco ASDM Launcher Denial of Service Vulnerability in Cisco Nexus 9000 Series Fabric Switches in Multi-Pod or Multi-Site Configurations Vulnerability in Cisco NX-OS Software's VXLAN OAM Feature Allows DoS Attacks Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability Unauthorized Access to User Credentials in Cisco SD-WAN vManage Software Denial of Service Vulnerability in Cisco NX-OS Software Login Process EtherChannel Port Subscription Logic Vulnerability in Cisco Nexus 9500 Series Switches Cisco UCS Manager Software SSH Session DoS Vulnerability Cisco Packet Tracer for Windows DLL Injection Vulnerability Command Injection Vulnerability in Cisco ISE REST API Allows Privilege Escalation Memory Leak Vulnerability in Cisco Video Surveillance 7000 Series IP Cameras Memory Leak Vulnerability in Cisco Video Surveillance 7000 Series IP Cameras Memory Leak Vulnerability in Cisco Video Surveillance 7000 Series IP Cameras Memory Leak Vulnerability in Cisco Video Surveillance 7000 Series IP Cameras Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Customer Voice Portal (CVP) Web Interface Unauthenticated Access to 
Sensitive Internal Services in Cisco Intersight Virtual Appliance Unauthenticated Access to Sensitive Internal Services in Cisco Intersight Virtual Appliance Arbitrary Command Execution Vulnerability in Cisco Small Business VPN Routers Stored Cross-Site Scripting (XSS) Vulnerabilities in Cisco Identity Services Engine (ISE) Web Interface Stored Cross-Site Scripting (XSS) Vulnerabilities in Cisco Identity Services Engine (ISE) Web Interface Stored Cross-Site Scripting (XSS) Vulnerabilities in Cisco Identity Services Engine (ISE) Web Interface Stored Cross-Site Scripting (XSS) Vulnerabilities in Cisco Identity Services Engine (ISE) Web Interface Stored Cross-Site Scripting (XSS) Vulnerabilities in Cisco Identity Services Engine (ISE) Web Interface Multiple Remote Code Execution and Command Injection Vulnerabilities in Cisco Small Business RV340, RV340W, RV345, and RV345P Routers Multiple Remote Code Execution and Command Injection Vulnerabilities in Cisco Small Business RV340, RV340W, RV345, and RV345P Routers Denial of Service (DoS) Vulnerability in Cisco IOS XE Wireless Controller Software for Catalyst 9800 Family Wireless Controller Arbitrary File Overwrite Vulnerability in Cisco IOS XE SD-WAN Software CLI Insufficient Handling of Malformed MPLS Packets in Cisco SD-WAN Software Allows Unauthorized Access to Sensitive Information Insufficient Buffer Allocation Vulnerability in Cisco Embedded Wireless Controller Software for Catalyst Access Points NAT Slipstreaming: Bypassing H.323 ALG Vulnerability Vulnerabilities in Cisco Intersight Virtual Appliance Web Management Interface Vulnerabilities in Cisco Intersight Virtual Appliance Web Management Interface Unauthenticated Remote Attack on Cisco IOS XE Software: Bypassing AAA and Manipulating Device Configuration IKEv2 AutoReconnect Feature Vulnerability: Exhaustion of IP Addresses in Cisco IOS Software and Cisco IOS XE Software Cisco IOS XE Software Layer 2 Punt Code Denial of Service Vulnerability Cisco IOS XE 
Software COPS Resource Exhaustion Vulnerability Cisco cBR-8 Converged Broadband Routers SNMP Punt Path Overload Vulnerability Cisco IOS XE Software Rate Limiting NAT DoS Vulnerability Zone-Based Policy Firewall Bypass Vulnerability Remote Code Execution Vulnerability in MuleSoft Runtime Components Server Side Request Forgery Vulnerability in MuleSoft Runtime Components XML External Entity (XXE) Vulnerability in MuleSoft Runtime Components URL Validation Bypass in Tableau Server Email Links Critical XXE Vulnerability in Mule Runtime Component: Impact on CloudHub, GovCloud, and More Unauthenticated Elevation of Privilege Vulnerability in Microsoft SQL Server Windows DNS Query Information Leakage Vulnerability BlueBypass: Exploiting Windows Bluetooth Security Feature Bypass Vulnerability Code Execution Vulnerability in Visual Studio Code Remote Access Print Spooler Privilege Escalation Vulnerability in Windows Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server AppX Deployment Extensions Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Code Execution Vulnerability in HEVC Video Extensions Windows Docker Information Leakage Vulnerability Windows WLAN Service Privilege Escalation Vulnerability DefenderShield: Microsoft Defender Remote Code Execution Vulnerability Microsoft splwow64 Elevation of Privilege Vulnerability: Exploiting Windows Printer Spooler for Unauthorized Access ATL Elevation of Privilege Vulnerability Windows Runtime C++ Template Library Privilege Escalation Vulnerability Elevated Privilege Vulnerability in Diagnostics Hub Standard Collector CSC Service Privilege Escalation Vulnerability in Windows CSC Service Privilege Escalation Vulnerability in Windows CSC Service Privilege Escalation Vulnerability in Windows CSC Service Privilege Escalation Vulnerability in Windows TPM Device Driver Information Leakage Vulnerability Windows Fax Compose Form RCE Vulnerability RPC 
Runtime RCE Vulnerability CSC Service Privilege Escalation Vulnerability in Windows RPC Runtime RCE Vulnerability Windows Installer Privilege Escalation Vulnerability Windows Event Tracing Privilege Escalation Vulnerability Windows Projected File System FS Filter Driver Information Disclosure Vulnerability RPC Runtime RCE Vulnerability GDI+ Remote Code Execution Vulnerability: Exploiting Graphics Processing for Unauthorized Access RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability Exploiting the Microsoft DTV-DVD Video Decoder for Remote Code Execution Windows Remote Desktop Security Bypass Vulnerability Windows Projected File System FS Filter Driver Information Disclosure Vulnerability RPC Runtime RCE Vulnerability Windows Projected File System FS Filter Driver Information Disclosure Vulnerability RPC Runtime RCE Vulnerability Windows Remote Desktop Protocol Security Bypass Vulnerability PrintNightmare: Windows Print Spooler Remote Code Execution Vulnerability Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability Azure Active Directory Pod Identity Spoofing Vulnerability Print Spooler Spoofing: A Critical Windows Vulnerability Windows CryptoAPI Denial of Service Vulnerability: Exploiting Weaknesses in Cryptographic Services Elevated Privilege Vulnerability in Diagnostics Hub Standard Collector Windows WalletService Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability BlueBypass: Exploiting Windows Bluetooth Security Feature Bypass Vulnerability BlueBypass: Exploiting Windows Bluetooth Security Feature Bypass Vulnerability AppX Deployment Extensions Privilege Escalation Vulnerability Windows WalletService Privilege Escalation Vulnerability Windows WalletService Privilege Escalation Vulnerability CSC Service Privilege Escalation Vulnerability in Windows Windows Multipoint Management Privilege Escalation Vulnerability Windows WalletService Privilege Escalation Vulnerability Hyper-V DoS 
Vulnerability: Disrupting Windows Virtualization Hyper-V DoS Vulnerability: Disrupting Windows Virtualization CSC Service Privilege Escalation Vulnerability in Windows Windows Update Stack Privilege Escalation Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Windows Graphics Component Information Disclosure Vulnerability Exposes Sensitive Data Windows InstallService Privilege Escalation Vulnerability Windows Win32k Privilege Escalation Vulnerability Windows Modem.sys Information Disclosure Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability Windows RPC Runtime Elevation of Privilege Vulnerability Windows Event Logging Service Privilege Escalation Vulnerability Hyper-V Privilege Escalation Vulnerability in Windows Edge of Insecurity: Memory Corruption Vulnerability in Microsoft Edge (HTML-based) Windows LUAFV Privilege Escalation Vulnerability SharePoint Server Remote Code Execution Vulnerability Windows GDI+ Information Disclosure Vulnerability Exposes Sensitive Data Windows Win32k Privilege Escalation Vulnerability Windows Media Foundation Remote Code Execution Vulnerability Exploiting the Microsoft Office Remote Code Execution Vulnerability SharePoint Privilege Escalation Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Word RCE Vulnerability: A Remote Code Execution Risk in Microsoft Word Word RCE Vulnerability: A Remote Code Execution Risk in Microsoft Word Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server SharePoint Server Tampering Vulnerability: A Potential Breach in Microsoft's Collaboration Platform SharePoint Privilege Escalation Vulnerability .NET Core and Visual Studio Denial of Service Vulnerability: Exploiting Software to Overwhelm and Disable Systems Faxploit: Remote Code Execution Vulnerability in Windows Fax Service ASP.NET Core and Visual Studio 
DoS Vulnerability Exploiting Cross-site Scripting Vulnerability in Microsoft Dynamics Business Central Bot Framework SDK Information Leakage Vulnerability Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Windows Installer Privilege Escalation Vulnerability System Center Operations Manager Privilege Escalation Vulnerability Windows Update Stack Setup Privilege Escalation Vulnerability Microsoft Exchange Server Spoofing Vulnerability PFX Encryption Security Bypass Vulnerability Windows Win32k Privilege Escalation Vulnerability PsExec Elevation of Privilege Vulnerability Windows RPC Information Disclosure Vulnerability Vulnerability: Out-of-Bounds Read in Image Processing Leading to Arbitrary Code Execution Vulnerability Title: Arbitrary Code Execution via Maliciously Crafted Image in macOS Big Sur 11.2 and Earlier Versions Vulnerability Patched: Arbitrary Code Execution via Maliciously Crafted Image Vulnerability: Local User Privilege Escalation through Directory Path Parsing Issue Improper Path Validation Allows Local User to Modify Protected File System Improper Bounds Checking in Image Processing Leading to Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Image Processing Improper Bounds Checking in Image Processing Leading to Arbitrary Code Execution Vulnerability: Out-of-Bounds Write in Image Processing Leading to Arbitrary Code Execution Vulnerability: Out-of-Bounds Read in USD File Processing Arbitrary Code Execution Vulnerability in Image Processing Vulnerability: Out-of-Bounds Write Leading to Code Execution Arbitrary JavaScript Code Execution via Maliciously Crafted URL Arbitrary Code Execution Vulnerability in macOS and iOS Vulnerability: Arbitrary Code Execution via Malicious Samba Network Share Improper Bounds Checking in Image Processing Leading to Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Image Processing Lock Screen Vulnerability: Unauthorized Access to Contacts on Locked iOS Devices Lock 
Screen Contact Access Vulnerability Privilege Escalation Vulnerability Patched in macOS Big Sur 11.2 and Other Apple Updates Improper Bounds Checking Leading to Arbitrary Code Execution Improper Input Validation in Image Processing Leading to Arbitrary Code Execution Memory Corruption Vulnerability Patched in macOS Big Sur 11.2 and Other Apple Updates Remote Denial of Service Vulnerability Patched in macOS Big Sur 11.2 and Other Apple Operating Systems Vulnerability: Out-of-Bounds Write in USD File Processing Buffer Overflow Vulnerability Patched in macOS Big Sur 11.2 and iOS 14.4 Use After Free Vulnerability Patched in Multiple Apple Operating Systems Improved iframe sandbox enforcement in macOS Big Sur 11.2 and Security Updates 2021-001 Catalina/Mojave mitigates violation of iframe sandboxing policy Denial of Service Vulnerability in Image Processing Heap Corruption Vulnerability Fixed in macOS Big Sur 11.2 and iOS 14.4 Vulnerability: Out-of-Bounds Read in USD File Processing Pointer Authentication Bypass Vulnerability Patched in Apple Operating Systems Buffer Overflow Vulnerability Patched in macOS Big Sur 11.3 and iOS 14.5 Vulnerability: Unauthorized Rejoining of iMessage Group Critical Stack Overflow Vulnerability Patched in macOS and iOS Updates Improper Image Processing Vulnerability Patched in Multiple Apple Operating Systems Arbitrary Code Execution Vulnerability in Image Processing Font Processing Arbitrary Code Execution Vulnerability Fixed in macOS Big Sur 11.2 and Security Updates Arbitrary Code Execution Vulnerability in Font File Processing Arbitrary Code Execution Vulnerability in Image Processing Curl Out-of-Bounds Read Vulnerability Vulnerability: Logic Error in Kext Loading Allows Arbitrary Code Execution Memory Initialization Vulnerability in iOS 14.4 and iPadOS 14.4 Allows for Denial of Service Attack Contact Card Privacy Vulnerability Privilege Escalation Vulnerability in macOS and iOS Memory Management Vulnerability in macOS and 
iOS: Arbitrary Code Execution through Malicious Image Processing DiskArbitration Permissions Vulnerability Vulnerability: Out-of-Bounds Read Leading to Arbitrary Code Execution in Image Processing Improved State Management Fixes Logic Issue Allowing Local User to Modify System Files Privilege Escalation Vulnerability Patched in macOS Big Sur 11.2 and Other Apple Updates Use After Free Vulnerability Patched in Multiple Apple Products Type Confusion Vulnerability Patched in Multiple Apple Products Font Processing Vulnerability in macOS Big Sur 11.2 and Earlier Versions Kernel Memory Disclosure Vulnerability Improper Bounds Checking Leading to Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Image Processing Improper Input Validation Leads to Arbitrary Code Execution in iOS 14.4 and iPadOS 14.4 iOS and iPadOS 14.4 Patch Out-of-Bounds Write Vulnerability Allowing Arbitrary Code Execution Improper Input Validation Leads to Arbitrary Code Execution in iOS 14.4 and iPadOS 14.4 Improved Permissions Logic Fixes Arbitrary File Read Vulnerability Port Redirection Vulnerability Patched in macOS Big Sur 11.2 and Other Apple Updates Arbitrary File Access Vulnerability in Xcode 12.4 Improved iframe sandbox enforcement in macOS and iOS Privilege Escalation Vulnerability in macOS Big Sur 11.2 and Earlier Versions Improved Permissions Logic Fixes iCloud Document Enumeration Vulnerability Vulnerability: Out-of-Bounds Write Allows Arbitrary Code Execution with Kernel Privileges Kernel Privilege Escalation Vulnerability in macOS Improved Input Sanitization Fixes Arbitrary File Write Vulnerability in iOS 14.5 and iPadOS 14.5, watchOS 7.4 Memory Corruption Vulnerability Patched in Multiple Apple Operating Systems Memory Corruption Vulnerability Patched in Multiple Apple Operating Systems Gatekeeper Bypass Vulnerability in macOS Big Sur 11.3 and Security Update 2021-002 Catalina Font Processing Logic Issue Leading to Memory Disclosure Arbitrary Code Execution 
Vulnerability in iOS 14.5 and iPadOS 14.5 Root Privilege Escalation Vulnerability Patched in Multiple Apple Operating Systems Arbitrary Code Execution Vulnerability in macOS Big Sur 11.3 and watchOS 7.4 Improper Path Validation Allows Local User to Modify Protected File System Areas Improved Bounds Checking Fixes Buffer Overflow Vulnerability in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5 Memory Corruption Vulnerability in Apple Operating Systems Improper State Management Leading to Remote Code Execution in macOS and iOS Memory Disclosure Vulnerability in macOS Big Sur 11.3, iOS 14.5, iPadOS 14.5, watchOS 7.4, and tvOS 14.5 Improper State Management in watchOS and macOS: Denial of Service Vulnerability Improved Restrictions for File System Modification Vulnerability Privilege Escalation Vulnerability in macOS Big Sur 11.3 and Security Update 2021-002 Catalina Cross-Site Scripting Vulnerability Patched in Apple Software Updates Universal Cross-Site Scripting Vulnerability Patched in macOS Big Sur 11.3 and iOS 14.5 Memory Corruption Vulnerability in macOS Big Sur 11.3 and Earlier Versions Type Confusion Vulnerability in macOS Big Sur 11.3 Allows Arbitrary Code Execution with Kernel Privileges Improved Input Validation Fixes Out-of-Bounds Read Vulnerability in iOS 14.5 and iPadOS 14.5 Enhanced Permissions Logic Resolves File Access Vulnerability in iOS 14.5 and iPadOS 14.5 Improper File Permissions in Copied Files Elevated Privileges Vulnerability Patched in iOS 14.5 and iPadOS 14.5 Kernel Privilege Escalation via Out-of-Bounds Write Vulnerability Lock Screen Note Access Vulnerability Privilege Escalation Vulnerability in iOS 14.5 and iPadOS 14.5, tvOS 14.5 Certificate Validation Vulnerability in iOS 14.5 and iPadOS 14.5 Allows Network Traffic Manipulation Arbitrary Code Execution Vulnerability in iOS 14.4 and iPadOS 14.4 Privilege Escalation Vulnerability in macOS Big Sur 11.3 and Earlier Versions Privilege Escalation Vulnerability in macOS Big Sur 11.3 and 
Earlier Versions Kernel Privilege Escalation Vulnerability in macOS Big Sur 11.3 and Security Update 2021-002 Catalina Arbitrary Code Execution Vulnerability in Image Processing Arbitrary Code Execution Vulnerability in iOS, iPadOS, Safari, watchOS, and macOS Memory Disclosure Vulnerability in Audio File Processing Memory Corruption Vulnerability in macOS Big Sur 11.3 and Earlier Versions Sensitive Information Exposure in App Switcher on iOS 14.5 and iPadOS 14.5 Code Signature Validation Vulnerability Allows Bypass of Privacy Preferences Kernel Privilege Escalation Vulnerability Improved Input Validation Fixes Out-of-Bounds Read Vulnerability in iOS 14.5 and iPadOS 14.5 Privilege Escalation Vulnerability in macOS Big Sur 11.3 Improved Logic for Call Termination Issue in iOS 14.5 and iPadOS 14.5 Vulnerability: Logic Issue in Favicon Fetching Leading to Unnecessary Network Connections Memory Initialization Vulnerability in iTunes and Apple Operating Systems Arbitrary Code Execution via Maliciously Crafted Image macOS Big Sur 11.3 Fixes Logic Issue Allowing Unexpected Unlocking of Locked Notes Memory Disclosure Vulnerability in Multiple Apple Operating Systems Cache Occupancy Tracking Vulnerability Physical Access Vulnerability: Unauthorized Contact Access via Siri Search (Fixed in iOS 14.5 and iPadOS 14.5) NFC Tag Authentication Vulnerability in iOS 14.5 and iPadOS 14.5 Use After Free Vulnerability in iOS, iPadOS, watchOS, and tvOS 14.5 Improved Logic Fixes Password Visibility Issue in iOS 14.5 and iPadOS 14.5 Arbitrary Code Execution Vulnerability in iOS, iPadOS, and macOS Privilege Escalation Vulnerability Patched in Multiple Apple Operating Systems Logic Issue in macOS and iOS Allows Remote Code Execution Logic Issue in macOS and iOS Allows Remote Code Execution CallKit Call Muting Logic Issue in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3 Vulnerability: Credential Leakage from Secure Text Fields in Accessibility TCC Permissions 
Arbitrary Code Execution Vulnerability in iOS 14.5 and iPadOS 14.5 Heap Corruption Vulnerability Fixed in Multiple Apple Updates Use After Free Vulnerability Patched in macOS Big Sur 11.3 and Security Updates Improved Input Validation Fixes Out-of-Bounds Read Vulnerability in iOS 14.5 and iPadOS 14.5 Integer Overflow Vulnerability in macOS Big Sur 11.3 and Earlier Universal Cross-Site Scripting Vulnerability in iOS, iPadOS, and watchOS Arbitrary Code Execution Vulnerability in macOS Big Sur 11.3 and watchOS 7.4 Font File Out-of-Bounds Read Vulnerability Patched in Multiple Operating Systems Elevated Privileges Vulnerability Patched in Multiple Apple Operating Systems Heap Corruption Vulnerability in Apple Operating Systems Improved Locking to Address Race Condition Vulnerability Improper Bounds Checking in Image Processing Leading to Arbitrary Code Execution Memory Corruption Vulnerability in Snapdragon Platforms Vulnerability in Snapdragon Wi-Fi Fine Timing Measurement Protocol Allows Assertion in WLAN Subsystem Double Free Vulnerability in Snapdragon Platforms Critical Buffer Overflow Vulnerability in Snapdragon Platforms Vulnerability: Improper Length Check of Public Exponent in RSA Import Key Function Use-After-Free Vulnerability in Snapdragon Audio Driver Memory Corruption Vulnerability in Snapdragon Compute, Connectivity, Consumer Electronics Connectivity, Wired Infrastructure, and Networking due to Improper Input Validation in Nonstandard IO Control Processing Improper Access Control Vulnerability in Snapdragon Platforms Critical Vulnerability: Integer Overflow in Image Flashing Process in Snapdragon IOT Devices Unencrypted Packet Forwarding Vulnerability in Snapdragon Compute and Connectivity Unvalidated Boundary Checks in Splash Image Loading: A Potential Buffer Over-read Vulnerability Buffer Over-read Vulnerability in Snapdragon Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables: Incorrect Overflow Check in Splash Image Loading Unbounded 
Buffer Read Vulnerability in Snapdragon Devices Race condition vulnerability in Display creation leading to use after free in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Unbounded Buffer Read Vulnerability in Snapdragon Devices Lack of Length Check on Channel Switch Announcement IE in Snapdragon Devices: A Potential Denial of Service Vulnerability PID Reuse Vulnerability in Snapdragon Platforms Memory Mapping Vulnerability in Multiple Snapdragon Platforms Address Deregistration Vulnerability in Snapdragon Platforms Critical Buffer Overflow Vulnerability in Snapdragon Platforms Critical Buffer Overflow Vulnerability Found in Multiple Snapdragon Platforms Double Free Vulnerability in Multiple Snapdragon Platforms Integer Overflow Vulnerability in Snapdragon Platforms Improper Length Check Vulnerability in Snapdragon Platforms Unreachable Exit Condition Vulnerability in Snapdragon Platforms Improper Validation of NDP Application Information Length in Multiple Snapdragon Platforms Critical Buffer Underflow Vulnerability in Snapdragon Platforms Memory Allocation Failure in DIAG: A Null Pointer Dereference Vulnerability in Snapdragon Auto, Compute, Connectivity, Industrial IOT, and Wearables Information Exposure Vulnerability in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile due to Improper Resource Allocation in Virtual Machines Integer Underflow Vulnerability in Snapdragon Platforms RTCP Packet Integer Underflow Vulnerability in Snapdragon Platforms Concurrent Memory Operations Vulnerability in Snapdragon Platforms Pointer Argument Vulnerability in Snapdragon Auto, Compute, Connectivity, and Industrial IOT Timing and Power Side-Channel Vulnerability in RSA-CRT Implementation on Snapdragon Platforms Critical Denial of Service Vulnerability in Snapdragon Platforms: Improper Handling of Group Management Action Frame 
Use After Free Vulnerability in FastRPC Driver in Snapdragon Platforms Buffer Over Read Vulnerability in Snapdragon Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables, Wired Infrastructure, and Networking Bootmode Validation Vulnerability: Information Disclosure in Snapdragon Platforms Critical Out of Bounds Read Vulnerability in Snapdragon Platforms Critical Buffer Overflow Vulnerability in Snapdragon Platforms Vulnerability: Unauthorized Access to VM Memory in Snapdragon Platforms Improper Validation of Invite Message with SDP Body Vulnerability in Snapdragon Platforms Improper Check in Application Loader Object Destruction Leads to Memory Corruption in Snapdragon Platforms Null Pointer Dereference Vulnerability in Snapdragon Platforms Null Pointer Dereference Vulnerability in Snapdragon Platforms Vulnerability: Reachable Assertion in Snapdragon Platforms Improper Verification Vulnerability in Snapdragon Platforms Improper Validation Leads to Null Pointer Dereference in Snapdragon Platforms Vulnerability in Snapdragon Platforms: Use After Free Exploit in Firmware Response Handling Improper Length Check Vulnerability in Snapdragon Platforms Shared Memory Region Permission Vulnerability Buffer Out of Bound Read Vulnerability in Snapdragon Platforms Critical Out-of-Bound Read Vulnerability in Snapdragon Platforms Improper Validation in SDP Processing Leads to Null Pointer Dereference in Snapdragon Platforms Critical Use-After-Free Vulnerability in Snapdragon Kernel Graphics Driver Unbounded Data Parsing Vulnerability in Multiple Snapdragon Platforms Critical Vulnerability: Integer Overflow in Snapdragon Platforms with Enabled Sanitizer Secure Memory Cleaning Vulnerability in Snapdragon Platforms Critical Buffer Over Read Vulnerability in Snapdragon Platforms Vulnerability: Reachable Assertion in Snapdragon Platforms Improper Validation of Data Pointer Leads to Buffer Over-read in Snapdragon Platforms Improper Connection Handling 
Vulnerability in Snapdragon Platforms ASB-U Packet Interference Vulnerability in Snapdragon Devices Insecure ACL Link Reconnection in Snapdragon Devices Race Condition in FastRPC Kernel Driver: Exploiting Use After Free in Snapdragon Platforms Unbounded Input Index Vulnerability in Snapdragon Platforms Vulnerability: Uncontrolled Resource Consumption in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Devices: Insufficient Validation in IOCTL Endpoint Information Retrieval Critical Use-After-Free Vulnerability in Snapdragon Platforms' IPA Driver Improper Validation of IE Size in Snapdragon Devices: Buffer Over Read Vulnerability Buffer Overflow Vulnerability in Snapdragon Platforms: Unchecked Parameter Length in MBSSID Scan IE Parse Critical Buffer Overflow Vulnerability in Snapdragon Platforms Critical Stack Buffer Overflow Vulnerability in Snapdragon Platforms Kernel Memory Information Exposure Vulnerability in Snapdragon Platforms Kernel Memory Information Exposure Vulnerability in Snapdragon Platforms Critical Out-of-Bound Read Vulnerability in Snapdragon Platforms Critical Vulnerability: Lack of Physical Layer State Validation in Snapdragon Platforms Improper Device Type Validation Vulnerability in Multiple Snapdragon Platforms Arbitrary Write Vulnerability in Snapdragon Platforms Buffer Over Read Vulnerability in Snapdragon Platforms Heap Overflow Vulnerability in Snapdragon Platforms: Improper Length Check in DNS Response Parsing Use After Free Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Voice & Music, Wearables, Wired Infrastructure, and Networking Improper Validation of Frame Length in AEAD Decryption: Vulnerability in Snapdragon Platforms Critical Buffer Overflow Vulnerability in Snapdragon Platforms Buffer Over Read Vulnerability in Snapdragon Platforms Improper Size Check Vulnerability in Bearer Capability IE of MT Setup Request in Snapdragon 
Platforms Critical Denial of Service Vulnerability in Snapdragon Platforms: Improper Input Validation of NAS OTA Messages Critical Buffer Overflow Vulnerability in Snapdragon Services Buffer Overflow Vulnerability in Snapdragon Platforms Buffer Over Read Vulnerability in QVR Service Configuration in Snapdragon Platforms Java VM Component Vulnerability in Oracle Database Server (Versions 12.1.0.2, 12.2.0.1, 18c, and 19c) Oracle WebLogic Server Remote Code Execution Vulnerability Oracle WebLogic Server Web Services Unauthorized Data Access Vulnerability Oracle WebLogic Server Unauthorized Read Access Vulnerability Vulnerability in Oracle Hospitality Reporting and Analytics: Unauthorized Data Access and Modification Vulnerability in Oracle MySQL Server: Unauthorized Data Manipulation and Partial Denial of Service Vulnerability in Oracle ZFS Storage Appliance Kit Allows Unauthorized Data Manipulation Oracle Database Server Unified Audit Component Vulnerability Insecure Permissions in debian-edu-config Lead to Privilege Escalation MySQL Server Denial of Service Vulnerability Critical SQL-Injection Vulnerability in SonicWall SSLVPN SMA100 (Build Version 10.x) Title: SonicWall SMA100 Post-Authenticated Command Injection Vulnerability SonicWall SMA100 Post-Authentication Configuration File Export Vulnerability Memory Leakage Vulnerability in SonicOS HTTP Server: Potential Internal Data Disclosure MySQL Server Replication Vulnerability Remote Privilege Escalation Vulnerability in SonicWall GMS 9.3 Remote Account Creation Vulnerability in SonicWall Email Security 10.0.9.x Arbitrary File Upload Vulnerability in SonicWall Email Security Version 10.0.9.x Arbitrary File Read Vulnerability in SonicWall Email Security Version 10.0.9.x Out-of-Bound Read Vulnerability in SonicWall Switch Handling LLDP Protocol Default Username and Password Vulnerability in SonicWall Email Security Virtual Appliance OS Command Injection Vulnerability in SonicWall NSM On-Prem 2.2.0-R10 and Earlier 
Versions SonicOS Buffer Overflow Vulnerability: Remote DoS Exploit SQL Injection Vulnerability in End-of-Life Secure Remote Access (SRA) Products Vulnerability in Oracle Fusion Middleware's Business Intelligence Enterprise Edition: Unauthorized Data Access and Manipulation SonicWall GMS File Path Manipulation Vulnerability SonicOS Host Header Redirection Vulnerability SonicWall Analytics 2.5 On-Prem Java Debug Wire Protocol (JDWP) Interface Security Misconfiguration Vulnerability Path Traversal Vulnerability in SMA100 Allows Remote Attackers to Delete Files and Trigger Factory Reset Command Injection Vulnerability in SMA100 Management Interface SonicWall Global VPN Client 4.10.5 Installer Privilege Escalation Vulnerability Stack-based Buffer Overflow Vulnerability in SMA100 Apache httpd Server's mod_cgi Module Arbitrary Command Injection in SMA100 Management Interface Siebel Core - Server BizLogic Script Unauthorized Read Access Vulnerability Relative Path Traversal Vulnerability in SMA100 Upload Function CPU Consumption Vulnerability in SMA Appliances Unauthenticated Remote Proxy Bypass Vulnerability in SMA Appliances Heap-based Buffer Overflow Vulnerability in SonicWall SMA100 getBookmarks Method SonicWall SMA100 Post-Authentication Remote Command Injection Vulnerability Buffer Overflow Vulnerability in SMA100 SonicFiles RAC_COPY_TO Method SonicOS HTTP Content-Length Response Header Stack-based Buffer Overflow Vulnerability DLL Search Order Hijacking Vulnerability in SonicWall Global VPN Client Stack-based Buffer Overflow in SonicOS SessionID HTTP Response Header SonicWall SMA100 Password Change API Username Enumeration Vulnerability Oracle Business Intelligence Enterprise Edition Vulnerability: Unauthorized Data Access Unauthenticated Access to Restricted Management APIs in SMA100 Series: Exposing Configuration Meta-data DLL Search Order Hijacking Vulnerability in SonicWall Global VPN Client Installer Vulnerability in Oracle MySQL Client: Unauthorized Denial of 
Service (DoS) Local Resource Manipulation Vulnerability in JSDom Unauthenticated Access to Sensitive Syslog Events in Racom's MIDGE Firmware 4.4.40.105 Cross-Site Scripting Vulnerability in Racom's MIDGE Firmware 4.4.40.105 Cross-Site Scripting Vulnerability in Racom's MIDGE Firmware 4.4.40.105 Unauthenticated Unauthorized Read Access Vulnerability in Oracle MySQL Client Cross-Site Scripting Vulnerability in Racom's MIDGE Firmware 4.4.40.105 Cross-Site Scripting Vulnerability in Racom's MIDGE Firmware 4.4.40.105 Arbitrary File Access and Deletion Vulnerability in Racom's MIDGE Firmware 4.4.40.105 Cross-Site Request Forgery Vulnerability in Racom's MIDGE Firmware 4.4.40.105 Arbitrary OS Command Execution Vulnerability in Racom's MIDGE Firmware 4.4.40.105 Privilege Escalation Vulnerability in Racom's MIDGE Firmware 4.4.40.105 via configd Remote Code Execution (RCE) via Hypertext Preprocessor Unserialization in Tenable.sc and Tenable.sc Core versions 5.13.0 - 5.17.0 IAM Role Security Token Leakage in Nessus Agent Remote Denial of Service Vulnerability in Manage Engine OpManager Builds Below 125346 Privilege Escalation Vulnerability in Nessus Versions 8.13.2 and Earlier Vulnerability in Oracle Enterprise Manager for Fusion Middleware: Unauthorized Access and Data Manipulation Persistent Cross-Site Scripting (XSS) Vulnerability in ManageEngine ServiceDesk Plus and AssetExplorer Arbitrary Command Execution Vulnerability in ManageEngine ServiceDesk Plus before version 11205 Prototype Pollution Vulnerability in jquery-plugin-query-object 2.2.3 Prototype Pollution Vulnerability in jquery-sparkle 1.5.2-beta Prototype Pollution Vulnerability in backbone-query-parameters 0.4.0 Prototype Pollution Vulnerability in jquery-bbq 1.2.1 Prototype Pollution in jquery-deparam 0.5.1: Unauthorized Modification of Object Prototype Attributes Prototype Pollution in mootools-more 1.6.0: Unauthorized Modification of Object Prototype Attributes Prototype Pollution Vulnerability in purl 2.3.2 
MySQL Server Vulnerability: Unauthorized Hang and Crash Path Traversal Vulnerability in Buffalo WSR-2533DHPL2 and WSR-2533DHP3 Web Interfaces Allows Authentication Bypass Unsanitized User Input in Buffalo WSR-2533DHPL2 and WSR-2533DHP3 Firmware Allows Remote Code Execution Unrestricted Access to Sensitive Information in Buffalo WSR-2533DHPL2 and WSR-2533DHP3 Firmware Buffer Over-read Vulnerability in Wibu-Systems CodeMeter Versions < 7.21a Denial of Service Vulnerability in Wibu-Systems CodeMeter Runtime Server OpenOversight 0.6.4 Cross-Site Request Forgery Vulnerability Multiple Local Privilege Escalation Vulnerabilities in Nessus Agent 8.2.4 and Earlier for Windows Vulnerability in Oracle MySQL Client: Unauthorized Data Access and Partial Denial of Service Local Privilege Escalation Vulnerabilities in Nessus Agent 8.2.4 and Earlier for Windows HTTP Host Header Injection Vulnerability in Machform Prior to Version 16 Cross-Site Request Forgery Vulnerability in Machform Prior to Version 16 Stored Cross-Site Scripting Vulnerability in Machform (prior to version 16) Unauthenticated Remote Code Execution in Machform Prior to Version 16 Open Redirect Vulnerability in Machform prior to version 16 Privilege Escalation Vulnerability in Nessus Agent Versions 8.2.5 and Earlier Unauthenticated BLE Interface Vulnerability in Sloan SmartFaucets and Flushometers Memory Leak Vulnerability in Manage Engine Asset Explorer Agent 1.0.34 Heap Overflow Vulnerability in AEAgent.cpp MySQL Client Denial of Service Vulnerability Vulnerability: Heap Overflow in Manage Engine Asset Explorer Agent 1.0.34 Stored Cross-Site Scripting Vulnerability in TCExam <= 14.8.1 via tce_filemanager.php Stored Cross-Site Scripting Vulnerability in TCExam <= 14.8.1 via tce_select_mediafile.php TCExam users. 
Unauthenticated Access to Sensitive Database Backup Files in TCExam <= 14.8.1 Reflected Cross-Site Scripting Vulnerability in TCExam <= 14.8.3 via Unsanitized Path Parameters in tce_filemanager.php Reflected Cross-Site Scripting Vulnerability in TCExam <= 14.8.4 via tce_select_mediafile.php Local Privilege Escalation Vulnerability in Nessus Agent 8.3.0 and Earlier Local Privilege Escalation Vulnerability in Nessus Agent 8.3.0 and Earlier Vulnerability: Bypassing Safety Measures in Arris SurfBoard SB8200 Password Change Utility Vulnerability in Oracle MySQL Server: Unauthorized Hang or Crash Vulnerability: Lack of Cross-Site Request Forgery (CSRF) Protection in Arris Surfboard SB8200 Administration Web Interface Authenticated Arbitrary File Read Vulnerability in Telus Wi-Fi Hub (PRV65B444A-S-TS) Firmware 3.00.20 Authenticated Command Injection Vulnerability in Telus Wi-Fi Hub (PRV65B444A-S-TS) Firmware 3.00.20 Draytek VigorConnect 1.6.0-B3 Local File Inclusion Vulnerability Local File Inclusion Vulnerability in Draytek VigorConnect 1.6.0-B3 Allows Unauthorized File Downloads Arbitrary File Upload and Directory Traversal Vulnerability in Draytek VigorConnect 1.6.0-B3 Cross-Site Request Forgery (CSRF) Vulnerability in Draytek VigorConnect 1.6.0-B3 Arbitrary File Deletion Vulnerability in Draytek VigorConnect 1.6.0-B3 Stored XSS Vulnerability in Draytek VigorConnect 1.6.0-B3's Profile Name Field Information Disclosure Vulnerability in Draytek VigorConnect 1.6.0-B3: Unauthorized System Log Export Oracle BI Publisher Product Vulnerability: Unauthorized Access and Data Compromise Post-Authentication Remote Code Execution Vulnerability in ManageEngine ADManager Plus Build 7111 Post-Authentication Remote Code Execution Vulnerability in ManageEngine ADManager Plus Build 7111 Default Hard-Coded Credentials Vulnerability in Quagga Services on D-Link DIR-2640 (<= 1.11B02) Absolute Path Traversal and Denial of Service Vulnerability in Quagga Services on D-Link DIR-2640 
(<=1.11B02) Absolute Path Traversal Vulnerability in Quagga Services on D-Link DIR-2640 (<=v1.11B02): Remote Code Execution and Unauthenticated Root Shell Access Local Privilege Escalation Vulnerability in Nessus Versions 8.15.2 and Earlier Improper Access Control Vulnerability in ManageEngine Log360 Builds < 5235: Remote Code Execution Reflected Cross-Site Scripting Vulnerability in Gryphon Tower Router's Web Interface Unauthenticated Command Injection Vulnerability in Gryphon Tower Router's Web Interface Unauthenticated Command Injection Vulnerability in Gryphon Tower Routers Title: High-Privilege Remote Attack Vulnerability in Oracle MySQL Server (PAM Auth Plugin) Unauthenticated Command Injection Vulnerability in Gryphon Tower Routers Unauthenticated Command Injection Vulnerability in Gryphon Tower Routers Unauthenticated Command Injection Vulnerability in Gryphon Tower Routers Unauthenticated Command Injection Vulnerability in Gryphon Tower Routers Unauthenticated Command Injection Vulnerability in Gryphon Tower Routers Unprotected OpenVPN Configuration File in Gryphon Tower Routers Exposes LAN Interfaces and Enables Unauthorized Access Unprotected SSH Private Key Vulnerability on Gryphon Devices Observable Response Discrepancy in ManageEngine ADSelfService Plus Allows User Existence Enumeration Predictable Filename Vulnerability in ManageEngine ADSelfService Plus Insufficient Access Controls for WAN Interface on Trendnet AC2600 TEW-827DRU Version 2.08B01 Oracle E-Business Suite Worklist Unauthenticated Remote Code Execution Vulnerability Improper Information Disclosure and Authentication Bypass in Trendnet AC2600 TEW-827DRU Version 2.08B01 Setup Wizard Session Hijacking Vulnerability in Trendnet AC2600 TEW-827DRU Router Trendnet AC2600 TEW-827DRU Version 2.08B01 Bittorrent Web Client Authentication Bypass Symlink Vulnerability in Trendnet AC2600 TEW-827DRU v2.08B01 Bittorrent Functionality Cleartext Transmission of Sensitive Information in Trendnet AC2600 
TEW-827DRU v2.08B01 Hardcoded Credentials in Trendnet AC2600 TEW-827DRU Version 2.08B01 Improper Access Control Configuration in Trendnet AC2600 TEW-827DRU v2.08B01 Allows for Malicious Firmware Updates Hidden Administrative Command Vulnerability Allows Unauthenticated Reboot Attacks Authentication Bypass Vulnerability in Trendnet AC2600 TEW-827DRU Version 2.08B01 Command Injection Vulnerability in Trendnet AC2600 TEW-827DRU Version 2.08B01 MySQL Server Denial of Service Vulnerability Command Injection Vulnerability in Trendnet AC2600 TEW-827DRU Version 2.08B01 Unauthenticated UART Access Vulnerability in Trendnet AC2600 TEW-827DRU v2.08B01 Plaintext Storage of Credentials in Trendnet AC2600 TEW-827DRU v2.08B01 FTP Server Information Disclosure Vulnerability Trendnet AC2600 TEW-827DRU Version 2.08B01 SMB Credentials Disclosure Vulnerability CSRF Vulnerability in Trendnet AC2600 TEW-827DRU Version 2.08B01 Buffer Overrun Vulnerability in Netgear RAX43 Router (Version 1.0.3.96) Command Injection Vulnerability in Netgear RAX43 Version 1.0.3.96: Exploiting the ReadyCloud CGI Application Vulnerability: Unprotected UART Interface Allows Unauthorized Access to Netgear RAX43 (Version 1.0.3.96) Cleartext Transmission of Sensitive Information in Netgear RAX43 Version 1.0.3.96 Oracle User Management Proxy User Delegation Unauthorized Read Access Vulnerability Hardcoded Credentials and Unauthorized Configuration Manipulation in Netgear RAX43 Version 1.0.3.96 Plaintext Storage of Sensitive Information in Netgear RAX43 Version 1.0.3.96 Local Privilege Escalation Vulnerability in Netgear Genie Installer for macOS Command Injection Vulnerability in Netgear Nighthawk R6700 Version 1.0.4.120 Cleartext Transmission of Sensitive Information in Netgear Nighthawk R6700 Version 1.0.4.120 Insecure Communication in Netgear Nighthawk R6700: Cleartext Transmission of Sensitive Information ImageMagick Divide-by-Zero Vulnerability Linux Kernel String Matching Vulnerability: Privileged User 
Panic Exploit Vulnerability: Disclosure of Bitbucket Pipeline Credentials in Ansible Console Log Vulnerability: Key Compromise Allows Unauthorized Certificate Renewal Vulnerability in Oracle Database Server's Advanced Networking Option (CVE-2021-2018) Vulnerability: Disclosure of Bitbucket Pipeline Credentials in Ansible Console Log Race Condition Vulnerability in QEMU 9pfs Server Implementation Allows Privilege Escalation Privilege Escalation Vulnerability in openshift4/ose-docker-builder Reflected XSS Vulnerability in Moodle Search Inputs Insufficient Capability Checks in Moodle Grade Web Services Allow Unauthorized Grade Access Unrestricted Character Limit in Moodle Messaging Leads to Denial of Service Vulnerability Stored XSS Vulnerability in Moodle TeX Notation Filter Arbitrary PHP Script Execution via Shibboleth Authentication in Moodle Privileged Container File Permissions Vulnerability MySQL Server Privilege Escalation Vulnerability Jackson-databind Deserialization Vulnerability Vulnerability in Ansible: Credentials Disclosure in Console Log Memory Consumption Vulnerability in tar 1.33 and Earlier Heap Overflow Vulnerability in Linux Kernel Versions 5.2 and Higher Keycloak Vulnerability: Self-Stored XSS Leading to Account Takeover QEMU Floppy Disk Emulator NULL Pointer Dereference Vulnerability Privilege Escalation Vulnerability in GNU Binutils Utilities OpenShift Installer Vulnerability: Unauthenticated Remote Command Execution Rootless Containers in Podman Vulnerability: Remote Hosts Can Bypass Authentication via 127.0.0.1 MySQL Server Denial of Service Vulnerability Denial of Service Vulnerability in spice before 0.14.92 Keycloak Directory Creation Vulnerability Integer Overflow Vulnerability in QEMU's vmxnet3 NIC Emulator Heap Memory Corruption Vulnerability in libgetdata v0.10.0 Divide by Zero Denial of Service Vulnerability in Libjpeg-turbo Improper Path Name Limitation Allows Execution of Arbitrary Binaries Kerberos Credential Leakage in cifs-utils 
Memory Leak Vulnerability in Privoxy's show-status CGI Handler MySQL Server Denial of Service Vulnerability Memory Leak in Privoxy's show-status CGI Handler Can Cause System Crash Memory Leak Vulnerability in Privoxy Versions Before 3.0.29 Memory Leak and System Crash Vulnerability in Privoxy NULL-pointer Dereference Vulnerability in Privoxy Memory Leak Vulnerability in Privoxy Versions Before 3.0.29 Memory Leak Vulnerability in Privoxy Versions Before 3.0.29 Memory Leak Vulnerability in Privoxy Versions before 3.0.31 Denial of Service Vulnerability in Privoxy Versions Before 3.0.31 Vulnerability in fabric8 kubernetes-client allows unauthorized file extraction Denial of Service Vulnerability in n_tty_receive_char_special in Linux Kernel MySQL Server Denial of Service Vulnerability Undertow HTTP Request Smuggling Vulnerability Heap Buffer Overflow in ARM Generic Interrupt Controller Emulator of QEMU Referrer URL-based Code Execution Vulnerability in Keycloak Integer Overflow in ImageMagick's ExportIndexQuantum() Function Heap Buffer Overflow in grub2 Option Parser Use-After-Free Vulnerability in Linux Kernel's io_uring Leads to Denial of Service SQLite SELECT Query Use-After-Free Vulnerability Sensitive Information Exposure in Ansible Engine 2.9.18 PostgreSQL Confidentiality Vulnerability: Unauthorized Access to Table Columns Oracle Installed Base API Unauthenticated Remote Compromise Vulnerability Improper Validation of Client Certificates in stunnel Allows Unauthorized Access Use After Free Vulnerability in gnutls Key_Share Extension Use After Free Vulnerability in gnutls' client_send_params Function Grub2 Vulnerability: Memory Corruption via Quoted Single Quotes ZeroMQ Client Memory Leak Vulnerability Buffer Overflow Vulnerability in zeromq Server (Versions < 4.3.3) in src/decoder_allocators.hpp ZeroMQ Server Stack Buffer Overflow Vulnerability ZeroMQ Memory Leak Vulnerability Unauthenticated Access to Ignition Config in OpenShift Container Platform 4 BPF 
Protocol Information Leakage Vulnerability MySQL Server Denial of Service Vulnerability Integer Wraparound Vulnerability in gdk-pixbuf: Potential Code Execution and System Crash ImageMagick jp2.c Division by Zero Vulnerability ImageMagick Vulnerability: Math Division by Zero in Resize Function ImageMagick Vulnerability: Math Division by Zero in visual-effects.c ImageMagick Vulnerability: Math Division by Zero in coders/webp.c ImageMagick Vulnerability: Math Division by Zero in resample.c Vulnerability: Unvalidated Mailbox Names in mbsync Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Access and Data Compromise Wildfly EJB Client Privileged Actions Vulnerability: Threat to Data Confidentiality Race Condition in Samba Password Lockout Code Increases Brute Force Attack Risk Denial of Service Vulnerability in Red Hat 3scale API Management Platform 2 Job Isolation Escape Vulnerability in Ansible Tower: Privilege Escalation and Data Compromise Samba Vulnerability: Information Disclosure and Data Integrity Flaw Stack Overflow Vulnerability in QEMU's eepro100 i8255x Device Emulator Vulnerability in Red Hat Satellite: Exposed Password in BMC Interface API Denial of Service Vulnerability in QEMU e1000 NIC Emulator Vulnerability in Foreman Project: Exposed Password in Proxmox Compute Resource API Oracle Marketing Product Vulnerability: Unauthorized Access and Data Compromise Vulnerability: Password Exposure in Foreman Datacenter Plugin Race Condition Vulnerability in Linux Kernel's Floppy Disk Drive Controller Driver Keycloak 12.0.0 Vulnerability: Password Update Without Re-authentication Privilege Escalation Vulnerability in virtio-fs Shared File System Daemon Insecure Modification Flaw in openjdk-1.8 and openjdk-11 Containers Allows Privilege Escalation Linux Kernel Memory Exhaustion Vulnerability Out-of-Bounds Read Vulnerability in RPM's hdrblobInit() Function OpenStack Neutron Open vSwitch Firewall Rules Impersonation Vulnerability Linux 
Kernel eBPF Code Verifier Out-of-Bounds Access Vulnerability Local Unprivileged User Can Read Kernel Internal Information via Log File in kexec-tools Oracle Marketing Product Vulnerability: Unauthorized Access and Data Compromise Denial of Service Vulnerability in Pygments SMLLexer RPM Signature Check Bypass Vulnerability Privoxy CGI Request Assertion Failure Vulnerability Privoxy Denial of Service Vulnerability Privoxy Null-Pointer Dereference Vulnerability Denial of Service Vulnerability in Privoxy before 3.0.32 Denial of Service Vulnerability in Privoxy before 3.0.32 LDAP Attribute Out-of-Bounds Memory Write Vulnerability in Samba's libldb Authentication Bypass Vulnerability in Kiali with OpenID Implicit Flow Stored XSS Vulnerability in Moodle User Profile Field (CVE-2021-12345) Title: High-Privilege Network Access Vulnerability in Oracle MySQL Server (InnoDB Component) Stored XSS and Blind SSRF Vulnerabilities in Moodle User Privacy Breach: Unauthorized Access to Full Names in Moodle Account Verification Bypass in Moodle Versions 3.10.2, 3.9.5, 3.8.8, 3.5.17 Unrestricted Access to Enrolled Courses in Moodle Heap-based Buffer Overflow in GNU Binutils 2.35.1: Threat to System Availability Denial of Service Vulnerability in UPX 3.96 Assertion Failure in libnbd 1.7.3: Denial of Service Vulnerability Authentication Flaw in Ceph Allows Key Reuse and User Impersonation Exposure of Endpoint Class and Method Names in RESTEasy Exception Response Oracle Scripting Product Vulnerability in Oracle E-Business Suite Improper Authorization Handling in Foreman OpenSCAP Plugin: Local Access and Denial of Service Deadlock Vulnerability in 'github.com/containers/storage' Allows DoS Attacks Privilege Escalation Vulnerability in Linux Kernel's Nouveau DRM Subsystem Reflected XSS Vulnerability in RESTEasy up to 4.6.0.Final Stack Buffer Overflow in binutils readelf 2.35: Confidentiality, Integrity, and Availability Impact Red Hat Enterprise Linux 8.3 Update Vulnerability: Failure to 
Include Fix for CVE-2020-10756 OpenEXR Dwa Decompression NULL Pointer Dereference Vulnerability NetworkManager Vulnerability: Profile Activation Crash via match.path OpenEXR B44Compressor Memory Exhaustion Vulnerability OpenEXR Multipart Input File NULL Pointer Dereference Vulnerability MySQL Server Vulnerability: Unauthorized Hang and Crash Integer Overflow Vulnerability in OpenEXR's hufUncompress Functionality OpenEXR TiledInputFile Floating-Point Exception Vulnerability Integer Overflow Vulnerability in dataWindowForTile() Function of OpenEXR OpenEXR hufDecode Right Shift Error Vulnerability Vulnerability in Nettle Signature Verification Functions Allows for Invalid Signatures Unauthorized Access to Ruleflow Groups in jBPM 7.51.0.Final Format String Vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier Integer Overflow Vulnerability in htmldoc 1.9.11 and Earlier Versions Division by Zero Vulnerability in ImageMagick MySQL Server Denial of Service Vulnerability ImageMagick Division by Zero Vulnerability Division by Zero Vulnerability in ImageMagick Integer Overflow in WriteTHUMBNAILImage of ImageMagick: A System Availability Vulnerability Cipher Leak Vulnerability in ImageMagick (Versions < 7.0.11) Stack Buffer Overflow in libspf2: A Potential Denial of Service and Code Execution Vulnerability Vulnerability: Locking Protection Bypass in GNOME Shell with Enabled Extensions Samba File/Directory Metadata Leakage Vulnerability Linux Kernel Denial of Service Vulnerability: Corrupted Timer Tree in timerqueue_add Function Unpatched HornetQ Component in EAP 7 Allows Remote Code Execution via JMS ObjectMessage Improper Signature Verification Vulnerability in coreos-installer Allows Installation of Unsigned Content Unauthorized Read Access Vulnerability in Oracle MySQL Server Vulnerability: Local Privilege Escalation in s390 eBPF JIT Race Condition Vulnerability in Linux Kernel OverlayFS Subsystem Allows Local Users to Crash System 
Vulnerability: ICMP Error Processing Flaw in Linux Kernel Allows UDP Port Scanning Keycloak Vulnerability: Reflected Cross Site Scripting via POST Request Red Hat Enterprise Linux 8.5.0 Security Regression: Missing Fixes for CVE-2021-40438 and CVE-2021-26691 Denial of Service Vulnerability in MongoDB Server v4.4.4 Insecure Certificate Validation in Node.js mongodb-client-encryption Module Insecure Host Name Verification in Java Driver for Client-Side Field Level Encryption Potential Injection of Additional Fields in MongoDB Go Driver Oracle WebLogic Server Denial of Service Vulnerability Denial of Service Vulnerability in MongoDB Server Versions Prior to 4.4.9 MongoDB C# Driver Authentication Data Exposure Vulnerability Credentials Leakage in MongoDB Rust Driver MongoDB Server Log Entry Manipulation Vulnerability Arbitrary Code Execution Vulnerability in MongoDB Compass on Windows SSL Disabling Bug during MongoDB Ops Manager Upgrade Stored Cross-Site Scripting Vulnerability in IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Weak Cryptographic Algorithms in IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA Cross-Site Scripting Vulnerability in IBM Jazz Foundation and IBM Engineering Products (IBM X-Force ID: 194449) Vulnerability in Oracle Common Applications Calendar of Oracle E-Business Suite: Unauthorized Access and Data Compromise Cross-Site Scripting Vulnerability in IBM Engineering Products: Potential Credentials Disclosure Information Disclosure Vulnerability in IBM Cloud Pak for Multicloud Management Monitoring 2.2 IBM Jazz Foundation and IBM Engineering Products Vulnerable to Server-Side Request Forgery (SSRF) IBM Jazz Foundation and IBM Engineering Products Vulnerable to Server-Side Request Forgery (SSRF) IBM Jazz Foundation and IBM Engineering Products Vulnerable to Server-Side Request Forgery (SSRF) IBM Jazz Foundation and IBM Engineering Products Vulnerable to Server-Side Request Forgery (SSRF) Vulnerability: Server-Side Request Forgery (SSRF) in IBM 
Jazz Foundation and IBM Engineering Products Stack-based Buffer Overflow in IBM Tivoli Workload Scheduler 9.4 and 9.5 Oracle Database Server RDBMS Scheduler Component Takeover Vulnerability Cross-Site Scripting Vulnerability in IBM Engineering Products (X-Force ID: 194707) Cross-Site Scripting Vulnerability in IBM Engineering Products (X-Force ID: 194708) Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products (X-Force ID: 194710) XML External Entity Injection (XXE) Vulnerability in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Directory Traversal Vulnerability in IBM WebSphere Application Server 8.0, 8.5, and 9.0 IBM Jazz Team Server Information Disclosure Vulnerability Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products (IBM X-Force ID: 194963) Clear Text Storage of Sensitive Information in IBM Cloud Pak for Automation API Connection Log Files Information Disclosure Vulnerability in IBM Cloud Pak for Automation MySQL Server Denial of Service Vulnerability Weak Cryptographic Algorithms in IBM Cloud Pak for Applications 4.3: A Potential Decryption Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak for Applications 4.3 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak for Applications 4.3 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak for Applications 4.3 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak for Applications 4.3 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak for Applications 4.3 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak for Applications 4.3 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak for Applications 4.3 Weak Cryptographic Algorithms in IBM Cloud Pak for Applications 4.3: A Potential Threat to Sensitive Data Information Disclosure Vulnerability in IBM Jazz Foundation and IBM Engineering Products Insufficient Permission Checking in IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 Information Disclosure Vulnerability in IBM Db2 
LOAD Utility Stored Cross-Site Scripting Vulnerability in IBM Maximo Asset Management 7.6.0 and 7.6.1 Improper Access Controls in IBM Sterling File Gateway Allow Message Interception and Replacement User Enumeration Vulnerability in IBM Sterling File Gateway Remote Information Disclosure Vulnerability in IBM Security Guardium 11.3 Session Invalidation Vulnerability in IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 Weak Cryptographic Algorithms in IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4: Vulnerability to Information Decryption Vulnerability in Oracle MySQL Server: Unauthorized Server Crash Remote Information Disclosure Vulnerability in IBM QRadar Advisor With Watson App Arbitrary Command Execution Vulnerability in IBM Security Guardium 11.2 Cross-Site Scripting (XSS) Vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 Local User Credential Exposure Vulnerability Vulnerability in Oracle Siebel CRM: Unauthorized Access and Data Compromise Local File Inclusion Vulnerability in IBM QRadar User Behavior Analytics Cross-Site Scripting (XSS) Vulnerability in IBM QRadar User Behavior Analytics Sensitive Information Disclosure in IBM QRadar User Behavior Analytics Local File Disclosure Vulnerability in IBM QRadar Analyst Workflow App Cross-Site Scripting (XSS) Vulnerability in IBM QRadar SIEM 7.3 and 7.4 XML External Entity Injection (XXE) Vulnerability in IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA Oracle Argus Safety Product Vulnerability: Unauthorized Data Access and Manipulation Weak Cryptographic Algorithms in IBM QRadar SIEM 7.3 and 7.4: Vulnerability to Information Decryption Hard-coded Credentials Vulnerability in IBM QRadar SIEM 7.3 and 7.4 Sensitive Information Disclosure in IBM Security Verify Information Queue 1.0.6 and 1.0.7 Cross-Site Request Forgery Vulnerability in IBM Security Verify Information Queue 1.0.6 and 1.0.7 Denial of Service Vulnerability in IBM Security Verify Information Queue 1.0.6 and 
1.0.7 Improper Output Encoding in IBM Security Verify Information Queue 1.0.6 and 1.0.7 Weak Cryptographic Algorithms in IBM Security Verify Information Queue 1.0.6 and 1.0.7 Sensitive Information Disclosure in IBM Security Verify Information Queue 1.0.6 and 1.0.7 Improper Storage of Plaintext Cryptographic Key in IBM Security Verify Information Queue 1.0.6 and 1.0.7 HTTP Strict Transport Security Bypass in IBM Security Verify Information Queue 1.0.6 and 1.0.7 Oracle Business Intelligence Enterprise Edition Remote Code Execution Vulnerability Clear Text Transmission of User Credentials in IBM Security Verify Information Queue 1.0.6 and 1.0.7 Session Impersonation Vulnerability in IBM Security Verify Information Queue 1.0.6 and 1.0.7 Hard-coded Credentials in IBM Security Verify Information Queue 1.0.6 and 1.0.7 Sensitive Information Disclosure in IBM Guardium Data Encryption (GDE) 4.0.0.4 Unrestricted Interaction Vulnerability in IBM Guardium Data Encryption (GDE) 3.0.0.2 Inadequate Account Lockout Setting in IBM Guardium Data Encryption (GDE) 4.0.0.4 Failure to Set HTTPOnly Flag in IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 Allows Remote Information Disclosure Sensitive Information Disclosure in IBM Guardium Data Encryption (GDE) 4.0.0.4 Weak Password Policy in IBM Security Guardium 11.2 Puts User Accounts at Risk Weak Cryptographic Algorithms in IBM Security Guardium 11.2: A Potential Decryption Vulnerability MySQL Server Vulnerability: Unauthorized Data Access Untrusted Inputs in IBM Security Guardium 11.2 Could Lead to Disclosure of Sensitive Information IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 SSRF Vulnerability Memory Disclosure Vulnerability in IBM Cloud Pak for Applications 4.3 (IBM X-Force ID: 196304) Improper Application Permissions in IBM Cloud Pak for Applications 4.3 Allows Escalation of Privileges Sensitive Information Disclosure in IBM Cloud Pak for Applications 4.3 Hard-coded Credentials Vulnerability in IBM Security 
Guardium 11.2 Inadequate Account Lockout Setting in IBM Security Guardium 11.2 Allows Remote Brute Force Attack Remote Information Disclosure Vulnerability in IBM Security Guardium 11.2 Overly Permissive Cross-Domain Policy in IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 Allows Disclosure of Sensitive Information Vulnerability in Oracle PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation Sensitive Information Disclosure in IBM i2 Analyst's Notebook Premium Session Invalidation Vulnerability in IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 Cross-Origin Resource Sharing (CORS) Misconfiguration in IBM Spectrum Protect Plus 10.1.0 through 10.1.7 IBM Security Guardium 11.3 Authenticated User Information Disclosure Vulnerability Clear Text Storage of User Credentials in IBM Security Verify Bridge 1.0.5.0 Certificate Validation Vulnerability in IBM Security Verify Bridge 1.0.5.0 Clear Text Storage of User Credentials in IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 Critical Data Access Vulnerability in Oracle PeopleSoft Enterprise FIN Payables (9.2) Unrestricted Member Registration in IBM API Connect 10.0.0.0 and 2018.4.1.0 through 2018.4.1.13 Weak Cryptographic Algorithms in IBM Security Verify Bridge: A Gateway to Decryption Vulnerability Hard-coded Credentials in IBM Security Verify Bridge Inclusion of Executable Functionality from Untrusted Source in IBM Maximo for Civil Infrastructure 7.6.2 Cross-Site Scripting (XSS) Vulnerability in IBM Maximo for Civil Infrastructure 7.6.2 Insecure Storage of Authentication Credentials in IBM Maximo for Civil Infrastructure 7.6.2 Cross-Site Scripting (XSS) Vulnerability in IBM Maximo for Civil Infrastructure 7.6.2 Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products (IBM X-Force ID: 196623) Cross-Site Scripting (XSS) Vulnerability in IBM Content Navigator 3.0.CD Oracle Text Component Denial of Service Vulnerability Insecure Cookie Handling 
in IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 SQL Injection Vulnerability in IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 XML External Entity Injection (XXE) Vulnerability in IBM WebSphere Application Server 8.0, 8.5, and 9.0 XML External Entity Injection (XXE) Vulnerability in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Vulnerability in Oracle MySQL Server: Stored Procedure DOS System Appearance Configuration Bypass Vulnerability in IBM Cognos Analytics 10.0 and 11.1 XML Bomb Vulnerability in IBM Cognos Analytics PowerPlay Cross-Site Request Forgery Vulnerability in IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 Oracle WebLogic Server Remote Code Execution Vulnerability Weak Password Policy in IBM Cognos Analytics 11.1.7 and 11.2.0 Session Impersonation Vulnerability in IBM Sterling File Gateway User Interface Lack of Authentication in IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 Cross-Site Scripting (XSS) Vulnerability in IBM Planning Analytics 2.0 Local User Privilege Escalation in IBM Cloud Pak System 2.3 Weak Cryptographic Algorithms in IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Denial of Service IBM WebSphere Application Server 7.0, 8.0, and 8.5 Server-Side Request Forgery (SSRF) Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 XML External Entity Injection (XXE) Vulnerability in IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 IBM Security Identity Manager 6.0.2 SSRF Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 Sensitive Information Disclosure in IBM Sterling File Gateway Information Disclosure Vulnerability in IBM Cloud Pak for Data 3.0 with Additional Plugins IBM Power9 Self Boot Engine (SBE) Privilege Escalation and Firmware Integrity Compromise Vulnerability: Password Manipulation in IBM Security Identity 
Manager 6.0.2 Cross-Site Request Forgery Vulnerability in IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 Vulnerability in Oracle BI Publisher Allows Unauthorized Access and Data Manipulation Insecure File Permission Settings Vulnerability in IBM Spectrum Protect Plus 10.1.0 through 10.1.8 Stack-based Buffer Overflow in IBM Spectrum Protect Server 7.1 and 8.1 XML External Entity Injection (XXE) Vulnerability in IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Analytics 11.1.7 and 11.2.0 Heap Based Buffer Overflow in IBM Security Identity Manager Adapters 6.0 and 7.0 Improper Input Validation in IBM Security Verify Access Docker 10.0.0 Weak Cryptographic Algorithms in IBM Security Verify Access Docker 10.0.0: A Potential Decryption Vulnerability Information Disclosure Vulnerability in IBM Security Verify Access Docker 10.0.0 Sensitive Information Disclosure in IBM Security Verify Access Docker 10.0.0 Vulnerability in Oracle BI Publisher: Unauthorized Access and Data Compromise Local Privilege Escalation Vulnerability in IBM Security Verify Access Docker 10.0.0 SMTP Non-Existent Local-Domain Recipient Vulnerability XML External Entity Injection (XXE) Vulnerability in IBM Jazz Foundation Products Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products Vulnerability: Compromised Encryption Key Exchange in PowerVM Logical Partition Mobility (LPM) Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products Cross-Site Scripting Vulnerability in IBM Jazz Foundation and IBM Engineering Products (IBM X-Force ID: 198235) Sensitive Information Disclosure in IBM Security Secret Server CSV Injection Vulnerability in IBM Maximo Asset Management 7.6.0 and 7.6.1 Vulnerability in Oracle BI Publisher: Unauthorized Access and Data Compromise Clear Text Storage of User Credentials in IBM Security Verify Access Docker 10.0.0 
Directory Traversal Vulnerability in IBM Security Verify Access Docker 10.0.0 Stack-Based Buffer Overflow in IBM Informix Dynamic Server 14.10 Directory Traversal Vulnerability in IBM WebSphere Application Server Network Deployment 8.5 and 9.0 Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Team Server Products JD Edwards EnterpriseOne Orchestrator Unauthenticated Read Access Vulnerability Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products Sensitive Information Disclosure in IBM Security Verify Access Docker 10.0.0 Cross-Site Scripting (XSS) Vulnerability in IBM Security Verify Access Docker 10.0.0 IBM Planning Analytics 2.0 HTTPOnly Flag Failure Vulnerability Privileged User Exploit in IBM Resilient SOAR V38.0: Execution of Malicious Scripts as Another User Cross-Site Scripting (XSS) Vulnerability in IBM Control Center 6.2.0.0 Information Disclosure Vulnerability in IBM Control Center 6.2.0.0 Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Data Access and Manipulation Insecure Directory Permissions Vulnerability in IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 Arbitrary Command Execution Vulnerability in IBM Security Verify Access Docker 10.0.0 Open Redirect Vulnerability in IBM Security Verify Access Docker 10.0.0 IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 SSRF Vulnerability Local User Information Disclosure in IBM Spectrum Protect Plus File Systems Agent Hard-coded Credentials in IBM Security Verify Access Docker 10.0.0 Authorization Bypass Vulnerability in IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 Information Disclosure Vulnerability in IBM Cloud Pak for Security (CP4S) Oracle Database Server RDBMS Sharding Component Privilege Escalation Vulnerability Information Disclosure Vulnerability in IBM Cloud Pak for Security (CP4S) Information Disclosure Vulnerability in IBM Cloud Pak for Security (CP4S) HTML Injection 
Vulnerability in IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 SSRF Vulnerability Stack-Based Buffer Overflow in IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 Cross-Site Scripting (XSS) Vulnerability in IBM Content Navigator 3.0.CD MySQL Server Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Content Navigator 3.0.CD Local File Disclosure Vulnerability in IBM Jazz Team Server Sensitive Information Disclosure in IBM Sterling File Gateway Cross-Site Scripting (XSS) Vulnerability in IBM Sterling Order Management 9.4, 9.5, and 10.0 User Enumeration Vulnerability in IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 Remote Code Execution Vulnerability in IBM Security Guardium 11.2 Cross-Site Scripting (XSS) Vulnerability in IBM Control Desk 7.6.1.2 and 7.6.1.3 MySQL Server Denial of Service Vulnerability Remote Click Hijacking Vulnerability in IBM Sterling Connect:Direct Browser User Interface Cross-Site Scripting (XSS) Vulnerability in IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator Information Disclosure Vulnerability in IBM Sterling File Gateway Improper HTTP Strict Transport Security Configuration in IBM Cloud Pak for Security (CP4S) Bypassing Protection Mechanism in IBM Cloud Pak for Security (CP4S) Weak Cryptographic Algorithms in IBM Resilient SOAR V38.0: A Potential Threat to Sensitive Data Improper Encryption in IBM Resilient SOAR V38.0 Allows Local Privileged Attacker to Obtain Sensitive Information Improper Input Validation in IBM Security Secret Server Allows User Enumeration Vulnerability in Oracle Retail Customer Management and Segmentation Foundation: Unauthorized Data Access and Partial Denial of Service Stored Cross-Site Scripting Vulnerability in IBM Sterling B2B Integrator Stack-Based Buffer Overflow in IBM Security Identity Manager Adapters 6.0 and 7.0 Heap-based Buffer 
Overflow in IBM Security Identity Manager Adapters 6.0 and 7.0 LDAP Injection Vulnerability in IBM Security Identity Manager Adapters 6.0 and 7.0 Local File Disclosure Vulnerability in IBM Security Verify Access 20.07 Remote Code Execution Vulnerability in IBM Security Verify Access 20.07 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 Improper or Missing Authentication Controls in IBM Cloud Pak for Security (CP4S) 1.7.0.0 - 1.8.0.0 Information Disclosure Vulnerability in IBM Db2 for Linux, UNIX and Windows MySQL Server Vulnerability: Unauthorized Hang and Crash Cross-Site Request Forgery (CSRF) Vulnerability in IBM Planning Analytics 2.0 Insufficient Session Expiration in IBM Security Verify Privilege On-Premises 11.5 Sensitive Information Disclosure in IBM Security Secret Server Improper Input Validation in IBM Security Verify Privilege Vault 10.9.66 Allows Disclosure of Sensitive Information Arbitrary File Upload Vulnerability in IBM Sterling File Gateway HTTP Server Header Information Disclosure Vulnerability in IBM Security Verify Access 20.07 Resource Management Errors Vulnerability in MELFA Robot Controllers Heap-based Buffer Overflow Vulnerability in Mitsubishi Electric FA Engineering Software Length parameter inconsistency vulnerability in Mitsubishi Electric FA Engineering Software Buffer Access with Incorrect Length Value Vulnerability in Mitsubishi Electric GOT2000 Series and GT SoftGOT2000 Communication Drivers Oracle iStore Unauthenticated Read Access Vulnerability Unauthenticated Remote Access Vulnerability in Mitsubishi Electric GOT Series VNC Servers Uncontrolled Resource Consumption Vulnerability in Mitsubishi Electric MELSEC iQ-R Series CPU Modules Unauthenticated Remote DoS Vulnerability in GOT2000 Series GT27, GT25, GT23, and GT SoftGOT2000 Communication Drivers Authentication Bypass and Information Disclosure Vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers 
and Air Conditioning System/Expansion Controllers Sensitive Information Exposure via Brute-Force Attack on User Names in Mitsubishi Electric MELSEC iQ-R Series Safety and SIL2 Process CPU Modules XML External Entity (XXE) Reference Vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers NULL Pointer Dereference Vulnerability in MELSEC-F Series FX3U-ENET Firmware Mitsubishi Electric MELSEC iQ-R Series Safety and SIL2 Process CPU Modules Insufficient Credential Protection Vulnerability Account Lockout Bypass Vulnerability in Mitsubishi Electric MELSEC iQ-R Series CPU Modules Cleartext Transmission of Sensitive Information Vulnerability in MELSEC iQ-R Series Safety and SIL2 Process CPU MySQL Server Denial of Service Vulnerability Uncontrolled Resource Consumption Vulnerability in Mitsubishi Electric MELSEC iQ-R Series C Controller Module R12CCPU-V Firmware Versions 16 and Prior Input Validation Bypass Vulnerability in Mitsubishi Electric GOT2000 and GT SoftGOT2000 Series DoS Vulnerability in Mitsubishi Electric Software via Malicious Project File DoS Vulnerability in Mitsubishi Electric Software through Malicious Project File Length Parameter Inconsistency DoS Vulnerability in Mitsubishi Electric GX Works2 Uncontrolled Resource Consumption Vulnerability in Mitsubishi Electric MELSEC iQ-R and Q Series CPUs and MELIPC Series High-Privilege Network Access Vulnerability in Oracle MySQL Server (CVE-2020-2819) Improper Handling of Length Parameter Inconsistency Vulnerability in Mitsubishi Electric MELSEC iQ-R and Q Series CPUs and MELIPC Series MI5122-VW Denial-of-Service (DoS) vulnerability in Mitsubishi Electric MELSEC iQ-R and Q Series CPUs and MELIPC Series MI5122-VW Unauthenticated Remote DoS Vulnerability in MELSEC-F Series FX3U-ENET Firmware Denial-of-Service Vulnerability in MELSEC-F Series FX3U-ENET Firmware Untrusted Search Path Vulnerability in SKYSEA Client View Installer Arbitrary OS Command Execution and Privilege Escalation 
Vulnerability in acmailer Privilege Escalation Vulnerability in acmailer and acmailer DB Arbitrary Script Injection Vulnerability in GROWI (v4.2 Series) versions prior to v4.2.3 Vulnerability in Oracle BI Publisher: Unauthorized Access and Data Compromise Arbitrary Script Injection Vulnerability in Aterm WF800HP Firmware Ver1.0.9 and Earlier CSRF Vulnerability in Aterm WG2600HP and WG2600HP2 Firmware Arbitrary Script Injection Vulnerability in Aterm WG2600HP and WG2600HP2 Firmware Arbitrary Code Execution Vulnerability in Video Insight VMS Versions Prior to 7.8 Access Control Bypass Vulnerability in Cybozu Office Scheduler Bulletin Board Access Control Bypass Vulnerability in Cybozu Office 10.0.0 to 10.8.4 Access Control Bypass Vulnerability in Cybozu Office Workflow Arbitrary Script Injection Vulnerability in Cybozu Office Address Book (10.0.0 to 10.8.4) Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 when using Mozilla Firefox Arbitrary Script Injection Vulnerability in Cybozu Office E-mail Vulnerability in Oracle PeopleSoft Enterprise PeopleTools: Unauthorized Takeover Phone Messages Access Control Bypass Vulnerability in Cybozu Office 10.0.0 to 10.8.4 Data Alteration Vulnerability in Cybozu Office Custom App Access Control Bypass Vulnerability in Cybozu Office Bulletin Board Cabinet of Cybozu Office 10.0.0 to 10.8.4 Access Control Bypass Vulnerability Access Control Bypass Vulnerability in Cybozu Office Custom App Wireless Range PIN Recovery Vulnerability in LOGITEC LAN-WH450N/GR CSRF Vulnerability in LOGITEC LAN-W300N/PR5B Allows Remote Authentication Hijacking Denial-of-Service (DoS) Vulnerability in LOGITEC LAN-W300N/PR5B Arbitrary OS Command Execution Vulnerability in LOGITEC LAN-W300N/PGRB Arbitrary OS Command Execution Vulnerability in LOGITEC LAN-W300N/PGRB Oracle WebLogic Server Vulnerability: Unauthenticated Takeover via IIOP, T3 Buffer Overflow Vulnerability in LOGITEC LAN-W300N/PGRB CSRF Vulnerability in LOGITEC 
LAN-W300N/RS Allows Remote Authentication Hijacking Denial-of-Service (DoS) Vulnerability in LOGITEC LAN-W300N/RS Remote Password Change Vulnerability in ELECOM LD-PS/U1 Arbitrary Script Execution Vulnerability in ELECOM WRC-1467GHBK-A Arbitrary Script Injection Vulnerability in ELECOM WRC-300FEBK-A CSRF Vulnerability in ELECOM WRC-300FEBK-A Allows Remote Authentication Hijacking and Arbitrary Request Execution CSRF Vulnerability in ELECOM WRC-300FEBK-S Allows Remote Authentication Hijacking and Arbitrary Request Execution Arbitrary OS Command Execution Vulnerability in ELECOM WRC-300FEBK-S Improper Certificate Validation Vulnerability in ELECOM WRC-300FEBK-S Allows for Arbitrary OS Command Execution MySQL Server Denial of Service Vulnerability CSRF Vulnerability in ELECOM NCC-EWF100RMWH2 Allows Remote Authentication Hijacking and Arbitrary Request Execution Arbitrary File Creation and Overwrite Vulnerability in ELECOM File Manager CSRF Vulnerability in Name Directory 1.17.4 and Earlier: Remote Authentication Hijacking Access Restriction Bypass Vulnerability in Calsos CSDJ Fieldbleed: Multiple Stored Cross-Site Scripting Vulnerabilities in Wekan Arbitrary OS Command Execution in FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) Directory Listing Vulnerability in SolarView Compact SV-CPT-MC310 Improper Access Control Vulnerability in SolarView Compact SV-CPT-MC310 (Ver.6.5) Arbitrary OS Command Execution Vulnerability in SolarView Compact SV-CPT-MC310 (prior to Ver.6.5) Arbitrary File Upload and Remote Code Execution in SolarView Compact SV-CPT-MC310 Vulnerability in Oracle Outside In Technology: Unauthorized Data Access and Partial Denial of Service Arbitrary Script Injection Vulnerability in SolarView Compact SV-CPT-MC310 (Ver.6.5 and earlier) SolarView Compact SV-CPT-MC310 Directory Traversal Vulnerability Missing Authentication in SolarView Compact SV-CPT-MC310 Prior to Ver. 
6.5 Allows Unauthorized Alteration of Setting Information Arbitrary Script Injection Vulnerability in Movable Type Versions 6.7.5 and Earlier Arbitrary Script Injection Vulnerability in Movable Type Asset Registration Screen Arbitrary Script Injection Vulnerability in Movable Type Content Field Stored Cross-Site Scripting (XSS) Vulnerability in GROWI v4.2.2 and Earlier Arbitrary Path Read Vulnerability in GROWI v4.2.2 and Earlier Path Traversal Vulnerability in GROWI v4.2.2 and Earlier: Arbitrary Path Read/Delete Vulnerability in Oracle Outside In Technology: Unauthorized Data Access and Partial Denial of Service Improper Access Control Vulnerability in GROWI v4.2.2 and Earlier: Unauthorized Information Disclosure Arbitrary Code Execution via File Overwrite in GROWI v4.2.2 Insufficient Verification of URL Query Parameters in GROWI (v4.2 Series) Allows Reflected Cross-Site Scripting Stored Cross-Site Scripting Vulnerability in GROWI Admin Page (v4.2 Series) Untrusted Search Path Vulnerability in MagicConnect Client Installer Allows Privilege Escalation and Remote Code Execution Denial of Service Vulnerability in M-System DL8 Series (prior to Ver3.0) Remote Access Bypass Vulnerability in M-System DL8 Series Remote Authenticated DoS Vulnerability in UNIVERGE Aspire, UX, SV9100, and SL2100 PBX Systems SQL Injection Vulnerability in Paid Memberships Pro Plugin Vulnerability: Denial of Service and Abnormal End (ABEND) in Fuji Xerox Multifunction Devices and Printers Vulnerability in Oracle Outside In Technology: Unauthorized Data Access and Partial Denial of Service Cross-site Scripting Vulnerability in NEC Aterm Devices Arbitrary Script Injection Vulnerability in baserCMS Versions Prior to 4.4.5 Arbitrary OS Command Execution in baserCMS versions prior to 4.4.5 Arbitrary Script Injection in baserCMS Blog Article Editing Function Cross-Site Scripting Vulnerability in MagazinegerZ v.1.01 Arbitrary Script Injection Vulnerability in Kagemai 0.8.8 Arbitrary Script Injection 
Vulnerability in Kagemai 0.8.8 CSRF Vulnerability in Kagemai 0.8.8 Allows Remote Authentication Hijacking Arbitrary Script Injection Vulnerability in Click Ranker Ver.3.5 Arbitrary Script Injection Vulnerability in Yomi-Search Ver4.22 Vulnerability in Oracle Outside In Technology: Unauthorized Data Access and Partial Denial of Service Arbitrary Script Injection Vulnerability in Yomi-Search Ver4.22 Arbitrary Script Injection Vulnerability in Yomi-Search Ver4.22 Directory Traversal Vulnerability in Archive Collectively Operation Utility Ver.2.10.1.0 and Earlier: File Manipulation via Malicious ZIP Archives Arbitrary Website Access Vulnerability in Gurunavi App for Android and iOS Improper Access Control Vulnerability in DAP-1880AC Firmware Version 1.21 and Earlier Chain of Trust Vulnerability in DAP-1880AC Firmware Version 1.21 and Earlier Arbitrary OS Command Execution in DAP-1880AC Firmware Version 1.21 and Earlier Unauthenticated Remote Login Vulnerability in DAP-1880AC Firmware Remote Code Execution Vulnerability in Sharp NEC Displays Buffer Overflow and Remote Code Execution Vulnerability in Sharp NEC Displays MySQL Server Denial of Service Vulnerability Remote Code Execution Vulnerability in Disk Agent CLUSTERPRO X 4.3 and EXPRESSCLUSTER X 4.3 for Windows Remote Code Execution Vulnerability in Disk Agent CLUSTERPRO X 4.3 and EXPRESSCLUSTER X 4.3 for Windows Remote Code Execution Vulnerability in CLUSTERPRO X 4.3 and EXPRESSCLUSTER X 4.3 for Windows Remote Code Execution Vulnerability in CLUSTERPRO X 4.3 and EXPRESSCLUSTER X 4.3 for Windows Remote Code Execution Vulnerability in CLUSTERPRO X 4.3 and EXPRESSCLUSTER X 4.3 for Windows Remote File Upload Vulnerability in WebManager CLUSTERPRO X 4.3 and EXPRESSCLUSTER X 4.3 for Windows Remote File Upload Vulnerability in WebManager CLUSTERPRO X 4.3 and EXPRESSCLUSTER X 4.3 for Windows File Disclosure Vulnerability in Transaction Server CLUSTERPRO X 4.3 and EXPRESSCLUSTER X 4.3 for Windows Arbitrary OS Command 
Execution in NEC Aterm Devices Arbitrary OS Command Execution Vulnerability in NEC Aterm WF1200CR, WG1200CR, and WG2600HS Firmware Elastic Search Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Arbitrary Script Injection Vulnerability in Aterm WG2600HS Firmware Ver1.5.1 and Earlier Arbitrary OS Command Execution Vulnerability in Aterm WG2600HS Firmware Ver1.5.1 and Earlier LAN-to-WAN Access Control Vulnerability in NEC Aterm WG2600HS and Aterm WX3000HP Firmware Privilege Escalation Vulnerability in QND Advance/Premium/Standard Ver.11.0.4i and Earlier Arbitrary File Deletion Vulnerability in WP Fastest Cache Arbitrary Website Access Vulnerability in Hot Pepper Gourmet App for Android and iOS Hidden functionality vulnerability in multiple Buffalo network devices Arbitrary Script Execution Vulnerability in EC-CUBE 4.0.0 to 4.0.5 Denial-of-Service Vulnerability in mod_auth_openidc 2.4.0 to 2.4.7 Arbitrary OS Command Execution Vulnerability in RFNTPS Firmware Versions System_01000004 and Earlier, and Web_01000004 and Earlier MySQL Server Stored Procedure Denial of Service Vulnerability SQL Injection Vulnerability in KonaWiki2 versions prior to 2.2.4 Arbitrary File Upload and Remote Code Execution in KonaWiki2 versions prior to 2.2.4 Untrusted Search Path Vulnerability in ScanSnap Manager Installers Reflected Cross-Site Scripting Vulnerability in Outdated MailForm01 Free Edition Reflected Cross-Site Scripting Vulnerability in Telop01 Free Edition ver1.0.1 and Earlier Reflected Cross-Site Scripting Vulnerability in Admin Page of [Calendar01] Free Edition ver1.0.1 and Earlier Untrusted Search Path Vulnerability in Overwolf Installer Allows Privilege Escalation and Code Execution Arbitrary Script Execution Vulnerability in Zettlr (0.20.0 - 1.8.8) via Invalid Iframe Loading Arbitrary Website Access Vulnerability in goo blog App for Android and iOS Arbitrary Script Injection Vulnerability in pfSense CE and pfSense Plus Oracle VM VirtualBox Prior to 6.1.18 Denial of 
Service Vulnerability WSR-1166DHP3 and WSR-1166DHP4 Firmware Vulnerability: Unauthorized Access to Configuration Information Arbitrary OS Command Execution Vulnerability in WSR-1166DHP3 and WSR-1166DHP4 Firmware Insecure Certificate Verification in ATOM - Smart life App for Android and iOS Arbitrary Website Access Vulnerability in あすけんダイエット (asken diet) for Android Cross-Site Scripting Vulnerability in Welcart e-Commerce Versions Prior to 2.2.4 Arbitrary Script Injection Vulnerability in ETUNA EC-CUBE Plugins GROWI NoSQL Injection Vulnerability Unauthenticated Access Vulnerability in GROWI versions prior to v4.2.20 Unauthenticated Information Disclosure Vulnerability in WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA Unauthenticated OS Command Execution Vulnerability in WRC and WRH Series Routers Oracle VM VirtualBox Prior to 6.1.18 Vulnerability: High Privileged Takeover Arbitrary OS Command Execution Vulnerability in Hitachi Virtual File Platform and NEC Storage M Series NAS Gateway Arbitrary Script Injection Vulnerability in Hitachi Application Server Help Arbitrary Script Injection Vulnerability in EC-CUBE Business Form Output Plugin Arbitrary Script Injection in EC-CUBE Email Newsletters Management Plugin Arbitrary Script Injection in EC-CUBE Category Contents Plugin (EC-CUBE 3.0 Series) Arbitrary OS Command Execution Vulnerability in Inkdrop Versions Prior to v5.3.1 Arbitrary Script Injection Vulnerability in WordPress Popular Posts Plugin Arbitrary Website Access via Custom URL Scheme in Retty App for Android and iOS Hard-coded API Key Vulnerability in Retty App for Android and iOS Arbitrary Script Injection Vulnerability in Fudousan Plugin ver5.7.0 and earlier Oracle WebLogic Server Samples Unauthenticated Takeover Vulnerability Arbitrary Script Injection Vulnerability in EC-CUBE eCommerce Platform Arbitrary Script Injection Vulnerability in EC-CUBE 4.0.0 to 4.0.5-p1 Arbitrary Script Injection Vulnerability in IkaIka RSS Reader Arbitrary Script Injection 
Vulnerability in Cybozu Garoon Scheduler 4.0.0 to 5.0.2 Unauthorized Data Alteration Vulnerability in Cybozu Garoon Workflow Portal of Cybozu Garoon: Viewing Restrictions Bypass Vulnerability Address Viewing Restrictions Bypass Vulnerability in Cybozu Garoon 4.0.0 to 5.0.2 E-mail Operational Restrictions Bypass Vulnerability in Cybozu Garoon 4.0.0 to 5.0.2 CSRF Vulnerability in Cybozu Garoon 4.0.0 to 5.0.2: Remote Authentication Hijacking Data Alteration Vulnerability in Cybozu Garoon 4.6.0 to 5.0.2 MySQL Server Denial of Service Vulnerability User Profile Data Alteration Vulnerability in Cybozu Garoon 4.0.0 to 5.0.2 Privilege Escalation Vulnerability in Cybozu Garoon E-mail E-mail Data Alteration Vulnerability in Cybozu Garoon 4.0.0 to 5.0.2 Data Leakage Vulnerability in Cybozu Garoon Portal 4.0.0 to 5.0.2 Remote File Alteration Vulnerability in Cybozu Garoon 4.0.0 to 5.0.2 Arbitrary Script Injection Vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 Arbitrary Script Injection Vulnerability in Cybozu Garoon 4.0.0 to 5.0.2 Arbitrary Script Injection Vulnerability in Cybozu Garoon Full Text Search Data Deletion Vulnerability in Cybozu Garoon Scheduler and MultiReport Arbitrary Script Injection Vulnerability in Cybozu Garoon 4.6.0 to 5.0.2 Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Arbitrary Script Injection Vulnerability in Cybozu Garoon 4.6.0 to 5.0.2 Arbitrary Script Injection Vulnerability in Cybozu Garoon E-Mail Functions Bulletin of Cybozu Garoon Information Disclosure Vulnerability: Unauthorized Access to Bulletin Titles Remote Authenticated Route Deletion Vulnerability in Cybozu Garoon Workflow (4.0.0 - 5.5.0) Arbitrary Script Injection Vulnerability in Cybozu Garoon E-mail Functions Unauthenticated Access to Comment and Space Data in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 Authentication Bypass Vulnerability in SCT-40CM01SR and AT-40CM01SR Arbitrary Website Access Vulnerability in GU App for Android (4.8.0 - 
5.0.2) Improper Access Control Vulnerability in EC-CUBE 4.0.6: Remote Information Disclosure CSRF Vulnerability in WordPress Email Template Designer - WP HTML Mail Oracle Configurator Vulnerability in UI Servlet (12.1 and 12.2) - Unauthorized Access and Data Compromise CSRF Vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and Earlier CSRF Vulnerability in WordPress Meta Data Filter & Taxonomies Filter CSRF Vulnerability in Software License Manager Versions Prior to 4.4.6 CSRF Vulnerability in Optical BB Unit E-WMTA2.3 Allows Remote Authentication Hijacking HTTP Header Injection Vulnerability in Everything (All Versions except Lite) Arbitrary Script Injection Vulnerability in GroupSession CSRF Vulnerability in GroupSession Allows Remote Authentication Hijacking Arbitrary Script Injection Vulnerability in GroupSession Server-side Request Forgery (SSRF) Vulnerability in GroupSession: Remote Port Scanning and Information Disclosure Open Redirect Vulnerability in GroupSession Oracle Configurator Vulnerability in UI Servlet (12.1 and 12.2) - Unauthorized Access and Data Compromise Arbitrary Code Execution Vulnerability in RevoWorks Browser 2.1.230 and Earlier Improper Access Control Vulnerability in RevoWorks Browser 2.1.230 and Earlier Arbitrary Script Injection Vulnerability in Quiz And Survey Master Untrusted Search Path Vulnerability in Sony Audio USB Driver and HAP Music Transfer Installer CSRF Vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 Arbitrary File Upload Vulnerability in Cybozu Remote Service 3.1.8 Management Screen Cross-Site Script Inclusion Vulnerability in Cybozu Remote Service 3.1.8 Management Screen Arbitrary Script Injection Vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 Arbitrary Script Injection Vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 Oracle Configurator Vulnerability in UI Servlet (12.1 and 12.2) - Unauthorized Access and Data Compromise Arbitrary Script Injection Vulnerability in Cybozu Remote Service 3.1.8 
Management Screen Cybozu Remote Service 3.1.8 to 3.1.9 XXE Vulnerability Cybozu Remote Service 3.1.8 to 3.1.9 HTTP Header Injection Vulnerability Operation Restriction Bypass in Cybozu Remote Service 3.1.8 to 3.1.9: Remote Data Alteration Vulnerability Cybozu Remote Service 3.1.8 to 3.1.9 Denial of Service Vulnerability Arbitrary Script Injection Vulnerability in Cybozu Remote Service 3.1.7 to 3.1.9 Open Redirect Vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9: Phishing Attack Vector Arbitrary Script Injection Vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 Cross-site scripting vulnerability in Movable Type Search screen (Movable Type 7 r.4903 and earlier, Movable Type 6.8.0 and earlier, Movable Type Advanced 7 r.4903 and earlier, Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) Cross-site scripting vulnerability in Create screens of Movable Type allows remote code injection MySQL Server Stored Procedure Denial of Service Vulnerability Cross-site scripting vulnerability in Movable Type allows remote code injection via Website Management screen Cross-site scripting vulnerability in List of Assets screen of Movable Type Cross-Site Scripting Vulnerability in Movable Type Server Sync Setting Screen Arbitrary Script Injection Vulnerability in Movable Type Content Data Edit Screen Arbitrary Script Injection in Movable Type ContentType Information Widget Plugin Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Arbitrary Script Injection Vulnerability in List Item Change Plug-in for EC-CUBE 3.0 Series Ver.1.1 and Earlier Unprotected Transport of Credentials Vulnerability in IDEC PLCs Plaintext Storage of Passwords in IDEC PLCs: Web Server Hijacking Vulnerability Arbitrary Script Injection Vulnerability in Order Status Batch Change Plug-in (for EC-CUBE 3.0 series) Inadequate Tag Sanitization in GROWI v4.2.19 and 
Earlier: Cross-Site Scripting (XSS) Vulnerability Oracle iSupport User Responsibilities Unauthorized Access Vulnerability CSRF Vulnerability in OG Tags Prior to 2.0.2 Allows Remote Authentication Hijacking Information Disclosure Vulnerability in InBody App for iOS and Android Insecure Certificate Verification in SNKRDUNK Market Place App for iOS Arbitrary Website Access Vulnerability in Nike App for Android and iOS Arbitrary Activity Launch via Custom URL Scheme in Mercari (Merpay) Android App CX-Supervisor v4.0.0.13 and v4.0.0.16 Out-of-Bounds Read Vulnerability in SCS Project Files Arbitrary OS Command Execution Vulnerability in Movable Type XML External Entity (XXE) Attack in Office Server Document Converter XML External Entity (XXE) Attack in Office Server Document Converter Vulnerability in Oracle CRM Technical Foundation Allows Unauthorized Access and Data Manipulation Arbitrary Script Injection Vulnerability in Booking Package - Appointment Booking Calendar System Improper Access Control in EC-CUBE 2 Series 2.11.2 to 2.17.1 Management Screen CSRF Vulnerability in EC-CUBE 2 Series: Remote Authentication Hijacking and Administrator Deletion Cross-Site Script Inclusion Vulnerability in Web GUI of RTX830, NVR510, NVR700W, and RTX1210 HTTP Request Header Scripting Vulnerability in RTX830, NVR510, NVR700W, and RTX1210 CSRF Vulnerability in Unlimited Sitemap Generator Allows Remote Authentication Hijacking CSRF Vulnerability in Push Notifications for WordPress (Lite) Plugin Arbitrary script injection vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) Arbitrary Script Injection Vulnerability in rwtxt Versions Prior to v1.8.6 Vulnerability in Oracle CRM Technical Foundation Allows Unauthorized Access and Data Manipulation Arbitrary OS Command Execution in PowerCMS XMLRPC API CSRF Vulnerability in Browser and Operating System Finder Versions Prior to 1.2 Buffer Overflow 
Vulnerability in ELECOM LAN Routers: Arbitrary OS Command Execution Arbitrary OS Command Execution Vulnerability in ELECOM LAN Routers (WRH-733GBK and WRH-733GWH) Arbitrary OS Command Execution Vulnerability in ELECOM LAN Routers (WRH-733GBK and WRH-733GWH) Arbitrary Script Injection Vulnerability in ELECOM LAN Routers (WRH-733GBK and WRH-733GWH) Arbitrary Script Injection Vulnerability in ELECOM LAN Routers (WRH-733GBK and WRH-733GWH) Arbitrary Script Injection Vulnerability in ELECOM LAN Router WRC-2533GHBK-I Firmware v1.20 and Prior Arbitrary Script Injection Vulnerability in ELECOM LAN Router WRC-2533GHBK-I Firmware v1.20 and Prior Arbitrary OS Command Execution Vulnerability in ELECOM LAN Routers Oracle VM VirtualBox Prior to 6.1.18 Denial of Service Vulnerability ELECOM LAN Routers CSRF Vulnerability Access Control Bypass Vulnerability in ELECOM LAN Routers Improper Access Control Vulnerability in ELECOM Routers OS Command Injection Vulnerability in ELECOM Routers: Remote Root Privilege Execution Improper Access Control Vulnerability in ELECOM Routers Missing Authorization Vulnerability in Advanced Custom Fields (ACF) and ACF Pro versions prior to 5.11 Missing Authorization Vulnerability in Advanced Custom Fields Plugin Missing Authorization Vulnerability in Advanced Custom Fields Incorrect Authorization Vulnerability in KONICA MINOLTA bizhub Series: Unauthorized User Credential Retrieval Sensitive Information Exposure Vulnerability in KONICA MINOLTA bizhub Series MySQL Server Vulnerability: Unauthorized Hang and Crash (CVE-XXXX-XXXX) Improper Handling of Exceptional Conditions Vulnerability in KONICA MINOLTA bizhub Series: Unauthorized Access to Unsent Scanned Image Data Sensitive Information Exposure Vulnerability in KONICA MINOLTA bizhub Series Firmware Integrity Bypass Vulnerability in KONICA MINOLTA bizhub Series Improper Authorization in Custom URL Scheme Handler in Yappli Application Development Platform Arbitrary File Access Vulnerability in 
GroupSession Free Edition, GroupSession byCloud, and GroupSession ZION ver5.1.1 and Earlier Open Redirect Vulnerability in GroupSession Free Edition ver5.1.1 and Earlier, GroupSession byCloud ver5.1.1 and Earlier, and GroupSession ZION ver5.1.1 and Earlier Path Traversal Vulnerability in GroupSession Free Edition ver5.1.1 and Earlier, GroupSession byCloud ver5.1.1 and Earlier, and GroupSession ZION ver5.1.1 and Earlier Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers MySQL Server Vulnerability: Unauthorized Hang and Crash (CVE-XXXX-XXXX) Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Vulnerability in Oracle Email Center of Oracle E-Business Suite: Unauthorized Access and Data Compromise Oracle E-Business Suite Oracle Scripting Product Vulnerability Vulnerability in Oracle CRM Technical Foundation Allows Unauthorized Access and Data Manipulation Oracle Common Applications Vulnerability: Unauthorized Access and Data Compromise Oracle One-to-One Fulfillment Print Server Unauthenticated Remote Code Execution Vulnerability Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Vulnerability in Oracle iSupport Allows Unauthorized Access and Data Manipulation Vulnerability in Oracle Email Center of Oracle E-Business Suite: Unauthorized Access and Data Compromise Hilscher PROFINET IO Device V3 Denial of Service Vulnerability Hilscher EtherNet/IP Core V2 Denial of Service and Memory Corruption Vulnerability UDP Packet Length Verification Vulnerability in Hilscher rcX RTOS Versions Prior to V2.1.14.1 Vulnerability: DNS Spoofing Attack Allows Unauthorized Access to Fibaro Home Center Devices Vulnerability in Oracle CRM Technical Foundation: Unauthorized Access and Data Compromise Unauthenticated Access to Management Service Allows Shutdown and Reboot in Fibaro Home Center 2 and Lite Devices Command Injection Vulnerability in Fibaro Home Center 2 and Lite Devices Unencrypted 
HTTP Protocol Vulnerability in Fibaro Home Center 2 and Lite Devices Directory Listing Vulnerability in WAGO Managed Switches WAGO Managed Switches: Web-Based Management Code Injection Vulnerability WAGO Managed Switches: Webserver Cookie Vulnerability Cookie Leakage Vulnerability in WAGO Managed Switches Password Hash Disclosure Vulnerability in WAGO Managed Switches Unauthorized User Creation Vulnerability in WAGO Managed Switches Accidental External Network Interface Access Vulnerability in Weidmüller u-controls and IoT-Gateways Oracle One-to-One Fulfillment Print Server Unauthenticated Remote Code Execution Vulnerability Denial of Service Vulnerability in WAGO PFC200 Login Service Privilege Escalation Vulnerability on WAGO PFC200 Devices Invalid Modbus Exception Response Vulnerability in Phoenix Contact FL COMSERVER UNI (Versions < 2.40) Fragmented TCP Packets Vulnerability in Phoenix Contact FL SWITCH SMCS Series Products LLDP Frame Injection Vulnerability in Phoenix Contact FL SWITCH SMCS Series Products TCP Urgent-Flag Crash Vulnerability in Phoenix Contact FL SWITCH SMCS Series Heap Buffer Overflow Vulnerability in Adobe Photoshop Version 22.1 and Earlier Uncontrolled Search Path Element Vulnerability in Adobe Illustrator 25.0 and Earlier Uncontrolled Search Path Element Vulnerability in Adobe Animate 21.0 and Earlier Adobe Campaign Classic Gold Standard Multiple Versions Server-Side Request Forgery (SSRF) Vulnerability Oracle One-to-One Fulfillment Print Server Unauthenticated Remote Code Execution Vulnerability Uncontrolled Search Path Vulnerability in InCopy for Windows (CVE-2020-12345) Uncontrolled Search Path Element Vulnerability in Adobe Captivate 2019 (CVE-2020-12345) Insecure Direct Object Vulnerability in Magento Checkout Module Leads to Sensitive Information Disclosure Insecure Direct Object Vulnerability in Magento Customer API Module Arbitrary Code Execution via File Upload Restriction Bypass in Magento Versions 2.4.1 and Earlier OS Command 
Injection Vulnerability in Magento Customer Attribute Save Controller OS Command Injection Vulnerability in Magento WebAPI Allows Remote Code Execution Heap-Based Buffer Overflow Vulnerability in Acrobat Reader DC OS Command Injection Vulnerability in Magento Scheduled Operation Module XML Injection Vulnerability in Magento Widgets Module Allows Arbitrary Code Execution Oracle Complex Maintenance, Repair, and Overhaul Dialog Box Vulnerability Access Control Bypass Vulnerability in Magento's Login as Customer Module Use After Free Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Insecure Direct Object Reference (IDOR) Vulnerability in Magento Product Module Stored Cross-Site Scripting Vulnerability in Magento Admin Console Blind SQL Injection Vulnerability in Magento Search Module Allows Unauthorized Access XML Injection Vulnerability in Magento Product Layout Updates Improper Authorization Vulnerability in Magento Integrations Module Allows Unauthorized Access Cross-Site Request Forgery (CSRF) Vulnerability in Magento GraphQL API Allows Unauthorized Modification of Customer Metadata Use After Free Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Reflected Cross-site Scripting Vulnerability in Magento Versions 2.4.1 and Earlier Oracle Complex Maintenance, Repair, and Overhaul Dialog Box Vulnerability Stored Cross-Site Scripting (XSS) in Magento Customer Address Upload Feature Session Invalidation Vulnerability in Magento Versions 2.4.1 and Earlier, 2.4.0-p1 and Earlier, and 2.3.6 and Earlier Inadequate User Session Invalidation in Magento Versions 2.4.1 and Earlier, 2.4.0-p1 and Earlier, and 2.3.6 and Earlier Use After Free Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Out-of-bounds Read Vulnerability in Acrobat Reader DC Allows Local Privilege Escalation Use After Free Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Integer Overflow Vulnerability in Acrobat Reader DC Versions
Path Traversal Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Out-of-bounds Write Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Use After Free Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Oracle Complex Maintenance, Repair, and Overhaul Dialog Box Vulnerability Use After Free Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Use-After-Free Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Out-of-bounds Read Vulnerability in Acrobat Reader DC Versions 2020.013.20074 and Earlier Reflected Cross-site Scripting (XSS) Vulnerability in ACS Commons 4.9.2 and Earlier Out-of-bounds Write Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Improper Access Control Vulnerability in Acrobat Reader DC Memory Corruption Vulnerability in Acrobat Reader DC Out-of-bounds Write Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Photoshop: Arbitrary Code Execution via Crafted File Out-of-bounds Read Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Vulnerability in Oracle Customer Interaction History Allows Unauthorized Access and Data Manipulation Out-of-bounds Read Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Buffer Overflow Vulnerability in Adobe Photoshop: Arbitrary Code Execution Out-of-bounds Write Vulnerability in Adobe Animate Allows Arbitrary Code Execution Out-of-bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Out-of-bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Untrusted Search Path Vulnerability in Adobe Dreamweaver: Information Disclosure Out-of-bounds Read Vulnerability in Adobe Framemaker 2020.0.1 and Earlier Null Pointer Dereference Vulnerability in Acrobat Reader DC Memory Corruption Vulnerability in Acrobat Reader DC Memory Corruption Vulnerability in Acrobat Reader DC Vulnerability in Oracle
Customer Interaction History Allows Unauthorized Access and Data Manipulation Improper Input Validation Vulnerability in Adobe Acrobat Pro DC Use-after-free vulnerability in Acrobat Pro DC allows for sensitive information disclosure Memory Corruption Vulnerability in Acrobat Reader DC Memory Corruption Vulnerability in Acrobat Reader DC Path Traversal Vulnerability in Magento UPWARD Connector Allows Arbitrary File Reading Out-of-Bounds Write Vulnerability in Adobe Bridge 11.0 and Earlier Out-of-Bounds Write Vulnerability in Adobe Bridge 11.0 and Earlier Out-of-bounds Write Vulnerability in Adobe Photoshop's CoolType Library Allows Arbitrary Code Execution Arbitrary File Overwriting Vulnerability in Adobe Creative Cloud Desktop Application Local Privilege Escalation Vulnerability in Adobe Creative Cloud Desktop Application Vulnerability in Oracle Customer Interaction History Allows Unauthorized Access and Data Manipulation Uncontrolled Search Path Element Vulnerability in Adobe Robohelp 2020.0.3 and Earlier Memory Corruption Vulnerability in Adobe Animate Allows Arbitrary Code Execution Out-of-bounds Read Vulnerability in Adobe Animate 21.0.3 and Earlier Out-of-bounds Read Vulnerability in Adobe Animate 21.0.3 and Earlier Out-of-bounds Read Vulnerability in Adobe Animate 21.0.3 and Earlier Out-of-bounds Read Vulnerability in Adobe Animate 21.0.3 and Earlier Out-of-bounds Read Vulnerability in Adobe Animate 21.0.3 and Earlier Heap-based Buffer Overflow Vulnerability in Adobe Animate Allows Arbitrary Code Execution Unquoted Service Path Vulnerability in Adobe Creative Cloud Desktop Application 5.3 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Connect version 11.0.7 and Earlier Oracle WebLogic Server Vulnerability: Unauthenticated Takeover via IIOP, T3 Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Connect version 11.0.7 and Earlier Memory Corruption Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Improper Access 
Control Vulnerability in AEM Cloud Service and Earlier Versions Stored Cross-Site Scripting (XSS) Vulnerability in AEM Cloud Service and Versions 6.5.7.0 and below, 6.4.8.3 and below, and 6.3.3.8 and below Input Validation Vulnerability in Adobe Connect Export Feature Out-of-bounds Write Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Cross-site Scripting (XSS) Vulnerability in Adobe ColdFusion Use After Free Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Acrobat Reader DC Versions Oracle WebLogic Server Console Remote Code Execution Vulnerability Path Traversal Vulnerability in Adobe InCopy Allows Remote Code Execution Out-of-bounds read vulnerability in Adobe Bridge allows for sensitive memory disclosure Memory Corruption Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Out-of-bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Out-of-bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Adobe Bridge Genuine Software Service Improper Authorization Vulnerability Out-of-bounds Write Vulnerability in Adobe InDesign Allows Remote Code Execution Out-of-bounds Write Vulnerability in Adobe InDesign Allows Remote Code Execution Oracle Argus Safety 8.2.2 Letters Component Unauthorized Data Access Vulnerability Privilege Escalation Vulnerability in Adobe Digital Editions Allows Arbitrary File System Write Out-of-bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Path Traversal Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Illustrator 25.2 and Earlier Memory Corruption Vulnerability in Adobe Illustrator Allows Remote Code Execution Memory Corruption Vulnerability in Adobe Illustrator Allows Remote Code Execution Sandbox Escape via Use After Free Vulnerability in Google Chrome 
Autofill Sandbox Escape Vulnerability in Google Chrome's Drag and Drop Feature on Linux (CVE-2020-16044) Sandbox Escape via Use After Free Vulnerability in Google Chrome's Media Component Remote Code Execution via Use After Free in Google Chrome Payments (CVE-2020-16044) Oracle VM VirtualBox Prior to 6.1.18 Denial of Service Vulnerability Remote Code Execution via Use After Free in Safe Browsing in Google Chrome Sandbox Escape Vulnerability in Google Chrome WebUI (CVE-2020-16044) Remote Code Execution Vulnerability in Google Chrome Prior to 87.0.4280.141 Skia Heap Buffer Overflow in Google Chrome: Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Google Chrome Audio (CVE-2020-16009) Remote Code Execution via Use After Free in Safe Browsing in Google Chrome Heap Buffer Overflow in Google Chrome: Remote Code Execution via Crafted HTML Page Local Privilege Escalation in Cryptohome: Exploiting Insufficient Policy Enforcement in Google Chrome Out of Bounds Memory Access Vulnerability in V8 in Google Chrome (CVE-2021-21148) Remote Code Execution via Use After Free in Google Chrome Media (CVE-2021-21148) Oracle VM VirtualBox Prior to 6.1.18 Denial of Service Vulnerability WebSQL Use After Free Vulnerability in Google Chrome Remote Code Execution via Use After Free in Omnibox in Google Chrome on Linux Remote Code Execution Vulnerability in Google Chrome: Use After Free in Blink File System API Bypass Vulnerability in Google Chrome (CVE-2021-21148) Sandbox Escape Vulnerability in Google Chrome Speech Recognizer on Android (prior to 88.0.4324.96) Bypassing File System Restrictions in Google Chrome on Windows Bypassing Site Isolation via Crafted Chrome Extension in Google Chrome (CVE-2021-21148) Bypassing Content Security Policy via Crafted Chrome Extension in Google Chrome (prior to 88.0.4324.96) Heap Buffer Overflow in Google Chrome: Remote Code Execution via Crafted HTML Page Bypassing File System Restrictions via Crafted HTML Page in Google
Chrome (CVE-2021-21148) Vulnerability in Oracle Financial Services Revenue Management and Billing: Unauthorized Data Manipulation Bypassing File System Restrictions via Crafted HTML Page in Google Chrome (CVE-2021-21148) Bypassing File System Restrictions via Crafted HTML Page in Google Chrome (CVE-2021-21148) Sandbox Escape Vulnerability in Google Chrome DevTools Bypassing Navigation Restrictions via Downloads in Google Chrome (CVE-2021-21148) Security UI Spoofing Vulnerability in Google Chrome on iOS Cross-Origin Data Leakage in Performance API in Google Chrome (CVE-2021-21148) Cross-Origin Data Leakage in WebView on Android Prior to Version 88.0.4324.96 Information Disclosure Vulnerability in Google Chrome DevTools Sandbox Escape Vulnerability in Google Chrome DevTools Bypassing Navigation Restrictions in Google Chrome's iframe Sandbox Vulnerability in Oracle Common Applications Calendar Allows Unauthorized Access and Data Manipulation Uninitialized Use Vulnerability in Google Chrome Allows Out of Bounds Memory Access via USB Bypassing File Extension Policy in Google Chrome File System API (CVE-2021-21148) Remote Code Execution via Use After Free in Payments in Google Chrome on Mac Heap Buffer Overflow in Google Chrome Extensions: Exploiting Heap Corruption via Malicious Extension Heap Buffer Overflow in Tab Groups in Google Chrome Remote Code Execution Vulnerability in Google Chrome's Font Handling (CVE-2021-21148) Sandbox Escape via Use After Free Vulnerability in Google Chrome Navigation (CVE-2021-21148) Omnibox Spoofing Vulnerability in Google Chrome (CVE-2021-21148) Heap Buffer Overflow in V8: Remote Code Execution in Google Chrome Stack Buffer Overflow in Google Chrome on Linux (Versions prior to 88.0.4324.182) via Crafted HTML Page Vulnerability in Oracle Common Applications Calendar Allows Unauthorized Access and Data Manipulation Sandbox Escape via Use After Free Vulnerability in Google Chrome Downloads (Windows) Remote Code Execution via Use After Free 
in Payments in Google Chrome Heap Buffer Overflow in Google Chrome on Linux (prior to version 88.0.4324.182) via Crafted HTML Page Stack Buffer Overflow in GPU Process in Google Chrome on Linux Heap Buffer Overflow in Tab Strip in Google Chrome: Remote Code Execution and Sandbox Escape Vulnerability Heap Buffer Overflow in Tab Strip in Google Chrome on Windows Heap Buffer Overflow in V8: Remote Code Execution in Google Chrome Remote Code Execution via Use After Free in Web Sockets in Google Chrome on Linux Heap Buffer Overflow in TabStrip in Google Chrome Vulnerability in Oracle Application Express Opportunity Tracker component of Oracle Database Server (CVE-2020-XXXX) Heap Buffer Overflow in WebAudio in Google Chrome Heap Buffer Overflow in TabStrip in Google Chrome WebRTC Use After Free Vulnerability in Google Chrome (CVE-2021-21166) Cross-Origin Data Leakage in Google Chrome Reader Mode on iOS Cross-Origin Data Leakage Vulnerability in Chrome on iOS Audio Data Race Vulnerability in Google Chrome (Versions prior to 89.0.4389.72) Audio Data Race Vulnerability in Google Chrome (Versions prior to 89.0.4389.72) Remote Code Execution Vulnerability in Google Chrome Prior to 89.0.4389.72 via Bookmarks Use After Free Information Disclosure Vulnerability in Google Chrome AppCache Remote Code Execution Vulnerability in V8 Engine of Google Chrome (CVE-2021-21148) Vulnerability in Oracle Application Express Survey Builder component of Oracle Database Server (CVE-2020-2950) Spoofing Omnibox Contents via Incorrect Security UI in Google Chrome Spoofing Vulnerability in Google Chrome on Android prior to 89.0.4389.72 Bypassing File System Restrictions in Google Chrome on Windows (CVE-2021-21193) Cross-Origin Data Leakage in Google Chrome Prior to Version 89.0.4389.72 Referrer Bypass Vulnerability in Google Chrome (CVE-2021-21148) Cross-Origin Data Leakage in Google Chrome Prior to Version 89.0.4389.72 Omnibox Spoofing Vulnerability in Google Chrome (prior to 89.0.4389.72) 
Autofill Information Disclosure Vulnerability in Google Chrome (CVE-2021-21148) Omnibox Spoofing Vulnerability in Google Chrome on Linux and Windows Remote Code Execution Vulnerability in Google Chrome on Linux (CVE-2021-21193) Oracle Marketing Product Vulnerability: Unauthorized Access and Data Compromise Remote Code Execution Vulnerability in Google Chrome Tab Search Autofill Information Leakage Vulnerability in Google Chrome (CVE-2021-21166) Bypassing Navigation Restrictions in Google Chrome (CVE-2021-21193) Cross-Origin Data Leakage in Google Chrome Performance APIs Cross-Origin Data Leakage in Google Chrome Performance APIs Insufficient Policy Enforcement in Google Chrome Extensions: Exploiting Sensitive Information Disclosure QR Code Bypass Vulnerability in Google Chrome on iOS (Versions prior to 89.0.4389.72) Domain Spoofing Vulnerability in Google Chrome (Versions prior to 89.0.4389.72) Remote Code Execution Vulnerability in Google Chrome (CVE-2021-21148) Bypassing Navigation Restrictions in Google Chrome Prior to 89.0.4389.72 Oracle VM VirtualBox Prior to 6.1.18 High Privilege Unauthorized Access Vulnerability Uninitialized Data Vulnerability in PDFium in Google Chrome (CVE-2021-21193) WebRTC Use After Free Vulnerability in Google Chrome (CVE-2021-21148) Heap Buffer Overflow in Tab Groups in Google Chrome Remote Code Execution Vulnerability in Google Chrome Prior to Version 89.0.4389.90 Remote Code Execution via Use After Free in Google Chrome Screen Sharing Remote Code Execution Vulnerability in V8 Engine of Google Chrome (CVE-2021-21148) Heap Buffer Overflow in TabStrip in Google Chrome on Windows Heap Buffer Overflow in TabStrip in Google Chrome Sandbox Escape Vulnerability in Google Chrome IPC (CVE-2021-21193) Use After Free Vulnerability in Aura in Google Chrome on Linux (Versions prior to 89.0.4389.114) Oracle VM VirtualBox Prior to 6.1.18 High Privilege Unauthorized Access Vulnerability Out of Bounds Read Vulnerability in Google Chrome WebUI 
Settings Sandbox Escape via Use After Free Vulnerability in Google Chrome Sandbox Escape via Crafted Chrome Extension in Google Chrome (CVE-2021-21224) Remote Code Execution Vulnerability in Google Chrome Prior to Version 90.0.4430.72 Use After Free Vulnerability in Google Chrome on OS X (CVE-2021-21224) Bypassing Navigation Restrictions in Google Chrome on iOS (CVE-2021-30563) Remote Code Execution Vulnerability in Google Chrome: Use After Free in Blink Sandbox Escape via Crafted Chrome Extension in IndexedDB Domain Spoofing Vulnerability in Google Chrome QR Scanner on iOS Cross-Origin Data Leakage Vulnerability in Google Chrome (prior to 90.0.4430.72) Oracle VM VirtualBox Prior to 6.1.18 Denial of Service Vulnerability Remote Access to Local UDP Ports via Crafted HTML Page in Google Chrome (prior to 90.0.4430.72) Cross-Origin Data Leakage in Google Chrome on iOS (prior to version 90.0.4430.72) via Insecure Navigation Implementation Insecure Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72: WiFi Compromise Vulnerability WebMIDI Use After Free Vulnerability in Google Chrome (CVE-2021-21224) Use After Free Vulnerability in Google Chrome Network API Remote Security UI Spoofing Vulnerability in Google Chrome Autofill Remote Security UI Spoofing Vulnerability in Google Chrome Autofill Uninitialized Data Vulnerability in PDFium in Google Chrome (CVE-2021-21224) Uninitialized Data Vulnerability in PDFium in Google Chrome (CVE-2021-21224) Uninitialized Data Vulnerability in PDFium in Google Chrome (CVE-2021-21224) MySQL Server Denial of Service Vulnerability Heap Corruption Vulnerability in V8 in Google Chrome (CVE-2021-21193) Cross-Origin Data Leakage in Mojo in Google Chrome (CVE-2021-21227) Remote Code Execution via Heap Buffer Overflow in V8 in Google Chrome Sandbox Escape via Integer Overflow in Mojo in Google Chrome Type Confusion Vulnerability in V8: Remote Code Execution in Google Chrome (CVE-2021-21227) Remote Code Execution via Out of Bounds 
Memory Access in V8 in Google Chrome Sandbox Escape via Use After Free Vulnerability in Google Chrome Heap Corruption Vulnerability in V8 in Google Chrome (CVE-2021-21227) Bypassing Navigation Restrictions via Crafted Chrome Extension in Google Chrome (CVE-2021-21224) Domain Spoofing Vulnerability in Google Chrome for Android (prior to 90.0.4430.93) Vulnerability in Oracle VM VirtualBox Prior to 6.1.18 Allows Unauthorized Data Access Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit in Google Chrome (prior to 90.0.4430.93) Heap Corruption Vulnerability in V8 in Google Chrome (CVE-2021-21227) Remote Code Execution Vulnerability in Google Chrome Dev Tools (CVE-2021-21224) Heap Buffer Overflow in ANGLE in Google Chrome on Windows Directory Traversal Vulnerability in spring-boot-actuator-logview Infinite Loop Vulnerability in kamadak-exif 0.5.2 Regular Expression Denial of Service (REDoS) Vulnerability in CairoSVG Arbitrary Code Execution via Git LFS on Windows Improper Verification of Cryptographic Signature in PySAML2 Improper Verification of Cryptographic Signature in PySAML2 Oracle VM VirtualBox Prior to 6.1.18 Denial of Service Vulnerability Denial of Service Vulnerability in httplib2 Prior to Version 0.19.0 Flask-Security-Too: Authentication Token Leakage via GET Request Pre-Auth Remote Code Execution in OneDev 4.0.3 and Earlier Versions Unauthenticated Remote Code Execution in OneDev 4.0.3 and Earlier Pre-Auth Server Side Template Injection via Bean Validation Message Tampering in OneDev Arbitrary File Upload Vulnerability in OneDev before 4.0.3 Arbitrary User Details and Access Token Leakage in OneDev (<= 4.0.3) Unauthenticated Remote Code Execution in OneDev before version 4.0.3 Arbitrary Code Execution via Build Endpoint Parameters in OneDev (CVE-2021-12345) Remote Code Execution via YAML Parsing in OneDev (CVE-2021-12345) Vulnerability in Oracle VM VirtualBox Prior to 6.1.18: Unauthorized Data Access and Manipulation Arbitrary File Read 
Vulnerability in OneDev (before version 4.0.3) Critical 'Zip Slip' Vulnerability in OneDev Allows Arbitrary File Write Regular Expression Denial of Service (ReDoS) Vulnerability in jQuery Validation Plugin Vulnerability: Lack of Salt in Password Hashing CKEditor 5 Markdown Plugin <= 24.0.0 Regex Denial of Service (ReDoS) Vulnerability IDOR vulnerability in GLPI version 9.5.3 allows unauthorized entity switching Out-of-Bounds Write Vulnerability in Contiki-NG RPL-Classic and RPL-Lite Implementations Cross-Site Scripting (XSS) Injection Vulnerability in GLPI 9.5.0 - 9.5.3 Arbitrary JavaScript Injection in HedgeDoc Slide Mode Oracle VM VirtualBox Prior to 6.1.18 Core Vulnerability Stored XSS vulnerability in Online Invoicing System (OIS) version 4.0 allows admin account takeover Flatpak Portal Service Sandbox Escape Vulnerability Query Binding Exploitation in Laravel Versions before 6.20.11, 7.30.2, and 8.22.1 Arbitrary PHP Execution Vulnerability in October CMS Host Header Poisoning Vulnerability in October CMS XML External Entity (XXE) Attack in openHAB Allows Retrieval of Internal Information Denial-of-Service Vulnerability in Email Address Validation in Schema-Inspector Path Traversal Vulnerability in Keymaker Server (Version < 0.2.0) Allows Unauthorized File Access Oracle VM VirtualBox Prior to 6.1.18 Denial of Service Vulnerability Plaintext Logging of Customer API Key in OctopusDSC Inconsistent Timestamps in DuplicateVoteEvidence Formation in Tendermint Core v0.34.0-v0.34.2 Zip-Slip Vulnerability in ORAS Allows Unauthorized File Manipulation Improper IP Address Validation in Synapse Server (CVE-2021-39145) Denial of Service Attack via Malicious .well-known File in Synapse Matrix Homeserver MediaWiki Report Extension CSRF Vulnerability Polr URL Shortener Setup Process Admin Access Vulnerability Remote Code Execution Vulnerability in angular-expressions before version 1.1.2 Code Injection Vulnerability in RSSHub Denial-of-Service Vulnerability in Contiki-NG 4.6 
and Earlier Versions Vulnerability in Oracle VM VirtualBox Prior to 6.1.18: Unauthorized Access to Critical Data Out-of-Bounds Write Vulnerability in Contiki-NG Buffer Overflow Vulnerability in Contiki-NG Versions Prior to 4.6 Buffer Overflow Vulnerability in Contiki-NG's RPL Implementations Cross-Site Scripting (XSS) Vulnerability in Flarum Sticky Extension Privilege Escalation via --userns-remap in Docker Docker Image Manifest Malformed Pull Vulnerability Authorization Bypass Vulnerability in AVideo Platform (CVE-XXXX) MinIO Server-Side Request Forgery (SSRF) Vulnerability SSRF Vulnerability in CarrierWave's Download Feature Command Injection Vulnerability in Mechanize Library (CVE-2021-2345) Oracle VM VirtualBox Prior to 6.1.18 Multiple Vulnerabilities Insecure Temp File Vulnerability in Netty Improper Redirect Validation in OAuth2 Proxy Whitelist Domain Feature Unquoted Windows Binary Path Vulnerability in Traccar 4.12 and Earlier Unbounded Connection Acceptance Leading to File Handle Exhaustion Denial-of-Service Vulnerability in Http4s Netty HTTP/2 Request Smuggling Vulnerability Denial of Service Vulnerability in Fleet 3.7.0 Prototype Pollution Vulnerability in Node-RED Admin API Arbitrary Path Traversal Vulnerability in Node-RED Projects API Vulnerability: HTTP Request Smuggling in Hyper Oracle VM VirtualBox Prior to 6.1.18 Denial of Service Vulnerability Git Symbolic Link Vulnerability Privacy Vulnerability: Unintended Video Streaming in Wire for iOS CSV Injection Vulnerability in PrestaShop Admin Panel (Fixed in 1.7.7.2) Unsanitized Data Input Vulnerabilities in Helm 3.0 to 3.5.2 Prototype Pollution Vulnerability in Dynamoose Code Injection Vulnerability in CarrierWave Regular Expression Denial of Service (ReDoS) Vulnerability in marked (npm package) versions 1.1.1 and below Unauthenticated Remote Code Execution in Lucee Server Admin Incomplete Soft Logout System in PrestaShop Allows for Foreign Request Execution Integer Overflow Vulnerability in 32-bit 
Redis Versions 4.0 or Newer Oracle VM VirtualBox Prior to 6.1.18 Core Vulnerability Token Verification Bypass Vulnerability in NextAuth.js (next-auth) Server-side Request Forgery Vulnerability in Adminer Unsanitized Input in GLPI Document Upload Function Allows for JavaScript Payload Injection Unsanitized Parameters Vulnerability in GLPI before version 9.5.4 XSS Vulnerability in GLPI Ticket Update Functionality Command Injection Vulnerability in systeminformation npm Package (CVE-2021-12345) Untrusted JavaScript Execution in less-openui5 Regular Expression Denial of Service (REDoS) in uap-core before version 0.11.0 Opencast 9.2 Vulnerability: Denial of Access and Series Hiding Stored XSS vulnerability in Galette prior to version 0.9.5 User Content Sandbox Bypass in matrix-react-sdk before 3.15.0 Vulnerability: Prefix Escaping in fastify-reply-from Vulnerability: Prefix Escaping in fastify-http-proxy Vulnerability: DNS Leakage in Brave Browser's CNAME Adblocking Feature Insecure Direct Object Reference (IDOR) vulnerability in GLPI allows unauthorized user enumeration of GLPI items Cross-Site Scripting (XSS) Vulnerability in GLPI before version 9.5.4 Ticket Creation Vulnerability in GLPI Self-Service Interface Unauthenticated Remote Object Instantiation Vulnerability in GLPI Denial of Service (DoS) Attack via Metrics Backend in Vapor Authentication Bypass in RATCF with Multi-Factor Authentication Open Redirect Vulnerability in aiohttp Local Information Disclosure Vulnerability in Datadog API Client Cross-Site Scripting (XSS) Vulnerability in Synapse before 1.27.0 HTML Injection Vulnerability in Synapse Matrix Homeserver Incorrect Environment Variable Sharing in containerd's CRI Implementation Bypassing Basic Authentication in SPNEGO HTTP Authentication Module for nginx Information Disclosure Vulnerability in Products.PluggableAuthService Open Redirect Vulnerability in Products.PluggableAuthService Open Redirection Vulnerability in TYPO3 Login Handling Clear-text 
Storage of User Session Identifiers in TYPO3 Critical Denial of Service Vulnerability in Oracle Enterprise Manager for Fusion Middleware Cross-Site Scripting (XSS) Vulnerability in TYPO3's _descriptionColumn_ Preview Denial of Service Vulnerability in XStream Library XStream Unmarshalling Vulnerability XStream Unmarshalling File Deletion Vulnerability Arbitrary Code Execution Vulnerability in XStream Remote Code Execution Vulnerability in XStream Arbitrary Code Execution Vulnerability in XStream Arbitrary Code Execution Vulnerability in XStream XStream Remote Thread Occupation Vulnerability XStream XML Deserialization Remote Resource Access Vulnerability Oracle WebLogic Server Coherence Container Unauthenticated Remote Code Execution Vulnerability Arbitrary Code Execution Vulnerability in XStream (Versions Prior to 1.4.16) Arbitrary Code Execution Vulnerability in XStream (Versions < 1.4.16) Predictable Tokens in Password Reset Feature in Anuko Time Tracker Remote Code Execution Vulnerability in Pug Template Engine (CVE-2021-23337) Open Redirection Vulnerability in Pollbot before Version 1.4.4 Arbitrary File Upload and Disclosure in TYPO3 Arbitrary File Upload Vulnerability in TYPO3 Form Framework Cross-Site Scripting Vulnerability in TYPO3 Form Designer Backend Module Recursive Amplification Vulnerability in TYPO3 Oracle WebLogic Server IIOP Unauthenticated Remote Code Execution Vulnerability Information Disclosure Vulnerability in Products.GenericSetup Information Disclosure Vulnerability in com.bmuschko:gradle-vagrant-plugin Bypassing readOnly Policy in MinIO Multi-User Environment Race condition vulnerability in swagger-codegen allows local privilege escalation Insecure File and Directory Permissions in swagger-codegen Cross-Site Scripting Vulnerability in Bootstrap Package for TYPO3 XML Injection Vulnerability in xmldom 0.4.0 and older Incorrect Authorization Vulnerability in Switchboard Bluetooth Plug for elementary OS Prototype Poisoning Vulnerability in 
msgpack5 Denial-of-Service Vulnerability in Hyperledger Besu's HTTP JSON-RPC API Service Critical Vulnerability in Oracle Enterprise Manager Base Platform: Policy Framework Compromise Cross-Site Scripting Vulnerability in TYPO3 Content Elements Arbitrary Code Execution through YAML Configuration File in Tenable for Jira Cloud Arbitrary Command Execution in Nimble Package Manager Insecure Package List Retrieval in Nimble Package Manager Insecure SSL/TLS Certificate Verification in Nimble Package Manager Denial of Service Vulnerability in PJSIP Version 2.10 and Earlier Information Exposure Vulnerability in OMERO.web Unvalidated Redirection Vulnerability in OMERO.web Authentication Bypass Vulnerability in Envoy 1.17.0 Privilege Escalation through `{{wikimacrocontent}}` in XWiki Platform Oracle Cloud Infrastructure Data Science Notebook Sessions Vulnerability SQL Script Injection Vulnerability in XWiki Platform with Ratings API Flatpak File Forwarding Vulnerability Vulnerability: Unauthorized Administrative Commands via Restund TURN Server's Status Interface Stored Cross-Site Scripting Vulnerability in Wiki.js Shell Injection Vulnerability in shescape (<=1.1.2) Allows Attackers to Bypass Protection Insecure HTTPS Hostname Verification in Mifos-Mobile Android Application Arbitrary OS Command Execution Vulnerability in APKLeaks v2.0.3 and below Inadequate Encryption Strength and Improper Safety Number Calculation in Wrongthink Messenger (Versions 2.0.0 - 2.3.0) Command Injection Vulnerability in systeminformation Library (Versions < 5.6.4) BuddyPress REST API Members Endpoint Privilege Escalation Vulnerability Vulnerability: MITM Modification of Request Bodies in MinIO Regular Expression Denial of Service (ReDoS) Vulnerability in CKEditor 5 Packages Unrestricted Outbound Requests to User-Provided Domains in Synapse Resource Exhaustion Vulnerability in Synapse Resource Exhaustion Vulnerability in Synapse Cross-Site Request Forgery Vulnerability in Magento LTS (Long Term 
Support) Exposure of Client Metadata in Wire-Server (CVE-2021-XXXX) HTML Injection Vulnerability in PrestaShop 1.7.7.3 Unauthenticated Access Vulnerability in Ampache Versions Prior to 4.4.1 Vulnerability in Oracle Financial Services Analytical Applications Infrastructure: Unauthorized Data Access and Manipulation Passphrase Leakage Vulnerability in wire-webapp Invalid free() or realloc() calls in Nanopb when decoding a specifically formed message with an `oneof` field containing both a pointer and non-pointer field Arbitrary File Read Vulnerability in Jellyfin Media System Authentication Bypass Vulnerability in Kongchuanhujiao Server (<=1.3.20) Denial of Service (DoS) vulnerability in Syncthing relay server Vulnerability: Block CID Collision in Lotus Filecoin Implementation Command Injection Vulnerability in Combodo iTop Setup Wizard CSRF Token Bypass Vulnerability in Combodo iTop Arbitrary Code Execution in Smarty Template Engine (Versions < 3.1.43 and 4.0.3) Netty HTTP/2 Request Smuggling Vulnerability Vulnerability in Oracle FLEXCUBE Direct Banking: Unauthorized Data Manipulation Out-of-Bounds Read Vulnerability in Contiki-NG 4.6 and Prior OAuth2-Proxy GitLab Group-Based Authorization Bypass Arbitrary Code Execution Vulnerability in npm Package @thi.ng/egf with GPG-Tagged Property Values Vulnerability: API Pitfalls in isolated-vm Library Allow for Unauthorized Access and Arbitrary Code Execution Remote Code Execution Vulnerability in Prisma's `@prisma/sdk` Package Prisma VS Code Extension Remote Code Execution Vulnerability Sensitive Data Leakage in django-registration Prior to 3.1.2 Use After Free Vulnerability in fluidsynth when Loading Invalid SoundFont File JavaScript Injection Vulnerability in PrestaShop Newsletter Subscription Module (Fixed in 2.6.1) Memory Exhaustion Vulnerability in Eventlet due to Large Websocket Frames Vulnerability in Oracle WebLogic Server Console Allows Unauthorized Data Access and Manipulation Arbitrary Code Execution 
Vulnerability in vscode-stripe Extension Exposure of API Key in Error Messages in node-etsy-client Vulnerability: Unsanitized Rendering of Large Data Cells in mongo-express Potential Code Execution and Repository Access Vulnerability in `projen` User Enumeration Vulnerability in Symfony Framework Arbitrary YAML File Creation and Modification Vulnerability in Grav Admin Plugin Unsecured Deserialization Vulnerability in Magento-lts (CVE-2021-3007) Unauthorized Access Vulnerability in Magento-lts Versions Before 19.4.13 and 20.0.9 Insecure Temporary Folder Vulnerability in OpenAPI Generator Insecure Temporary File Creation in OpenAPI Generator Maven Plug-in Insecure Temporary File Creation in OpenAPI Generator Bypassing Bot Removal Restrictions in sopel-channelmgnt Plugin Vela 0.7.0 Authentication Bypass Vulnerability Remote Code Execution Vulnerability in Discord Recon Server 0.0.1 Crafted Survey Allows Execution of Malicious Code in OTRS AG Survey Interface Confidential Customer Information Exposed in Printed Tickets via OTRS External Interface Unrestricted Access to Config Items in OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions Unauthorized Access to Linked Config Items in OTRS and ITSM Configuration Management Unauthorized Access to Linked FAQ Articles in OTRS Denial of Service (DoS) Vulnerability in OTRS AG Community Edition 6.0.x, OTRS 7.0.x, and OTRS 8.0.x MySQL Server Vulnerability: Remote Takeover via Parser Component Vulnerability: Exposure of Private S/MIME and PGP Keys in Generated Support Bundles XSS Vulnerability in Ticket Overview Screens of OTRS AG ((OTRS)) Community Edition 6.0.x and OTRS 7.0.x Cross-Site Scripting (XSS) Vulnerability in OTRS AG Time Accounting: 7.0.x versions prior to 7.0.19 Unrestricted Access to Customer User Emails in OTRS AG Community Edition and OTRS Multiple X-Frame-Options Headers Vulnerability in SAP Business Objects BI Platform Improper Input Validation in SAP Commerce Cloud Allows for Cross-Site 
Scripting and Page Hijacking Denial of Service Vulnerability in SAP NetWeaver AS ABAP Stored Cross-Site Scripting in SAP BusinessObjects Business Intelligence Platform SAP GUI for Windows 7.60 Local Credential Spoofing Vulnerability Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Application Crash Oracle VM VirtualBox Prior to 6.1.20 Vulnerability: High Privileged Takeover Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crash via Manipulated PSD File Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crashing and Temporary Unavailability Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Remote Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Remote Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Application Crash MySQL Server Denial of Service Vulnerability Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crash via Manipulated BMP File Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Remote Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crashing via Manipulated PCX File Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crashing via Manipulated PCX File SQL Injection Vulnerability in BW Database Interface Remote Code Injection Vulnerability in SAP Business Warehouse and SAP BW/4HANA Privilege 
Escalation in SAP Banking Services: Unauthorized Access to Restricted Market Data Privilege Escalation in BW Database Interface: Unauthorized Access to Database Tables SAP NetWeaver Master Data Management Windows Configuration Vulnerability: Information Disclosure via SMB Relay Attack Oracle ZFS Storage Appliance Kit Installation Vulnerability XML External Entity (XXE) Vulnerability in SAP EPM Add-in for Microsoft Office and SAP Analysis Office Improper Access Control in CLA-Assistant Allows Unauthorized API Endpoint Access Lack of Password Setting Option in SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) Installation Unauthenticated User Can Execute Reports in SAP NetWeaver ABAP Platform SAP HANA Database SAML Assertion Tampering Vulnerability SAP Master Data Management Directory Traversal Vulnerability Reverse Tabnabbing Vulnerability in SAP UI5 Versions Remote Code Execution Vulnerability in SAP Commerce Cloud Reverse Tabnabbing Vulnerability in SAP Web Dynpro ABAP Allows for User Redirection to Malicious Sites Java Expression Injection Vulnerability in SCIMono before 0.0.19 Remote Code Execution and Privilege Escalation in SAP MII through Malicious JSP Injection Unauthorized Access to Configuration Objects in SAP NetWeaver MigrationService Brute Force Password Vulnerability in SAP NetWeaver Master Data Management SAP Solution Manager 720 Information Disclosure Vulnerability Bypassing LDAP Authentication in SAP HANA Database Version 2.0 Telnet Command Exploit in SAP NetWeaver Application Server for Java Allows Unauthorized Access to NTLM Hashes Privilege Escalation Vulnerability in SAP Enterprise Financial Services SAP Payment Engine Version 500 Privilege Escalation Vulnerability Insecure Deserialization Vulnerability in Knowledge Management Versions 7.01-7.50 Stored Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver Enterprise Portal Unauthorized Data Manipulation Vulnerability in Oracle ZFS Storage Appliance Kit 
(Version 8.8) Reflected Cross-Site Scripting Vulnerability in SAP NetWeaver AS for ABAP (Web Survey) Reverse Tabnabbing Vulnerability in SAP Netweaver Application Server Java SAP NetWeaver Application Server Java Logon Group Spoofing Vulnerability SAP 3D Visual Enterprise Viewer Version 9 GIF File Crash Vulnerability XSS Vulnerability in MK-AUTH 19.01 K4.9 via admin/logs_ajax.php Tipo Parameter CSRF Vulnerability in MK-AUTH 19.01 K4.9: Password Change via executar_central.php Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise ServiceComb ServiceCenter Directory Traversal Vulnerability Use of SSH Key Past Account Expiration Vulnerability in Dell PowerScale OneFS Versions 8.1.0 – 9.1.0 Privilege Escalation Vulnerability in PowerScale OneFS 8.1.2, 8.2.2, and 9.1.0 Undocumented Default iDRAC Account Vulnerability in Dell EMC Integrated System for Microsoft Azure Stack Hub Privilege Escalation Vulnerability in PowerScale OneFS API Handler Weak Password Encryption Vulnerability in Dell EMC Networking X-Series and PowerEdge VRTX Switch Module Firmware Vulnerability in Oracle PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and DOS Dell iDRAC8 Host Header Injection Vulnerability Unauthorized Access to Backup Data in Dell EMC Avamar Server Dell EMC PowerProtect Cyber Recovery Information Disclosure Vulnerability Authentication Bypass Vulnerability in Dell EMC OpenManage Server Administrator (OMSA) Version 9.5 with Distributed Web Server (DWS) Enabled Configuration Path Traversal Vulnerability in Dell EMC OpenManage Server Administrator (OMSA) Versions 9.5 and Prior Stored Cross-Site Scripting Vulnerability in Dell EMC SourceOne XML External Entity Injection (XXE) Vulnerability in SRS Policy Manager 6.X DLL Injection Vulnerability in Dell SupportAssist Client for Consumer and Business PCs Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access and Manipulation Dell BIOS Credentials Management 
Vulnerability Untrusted Deserialization Vulnerability in Dell SRM and SMR Versions Prior to 4.5.0.1 Dell PowerScale OneFS Privilege Escalation in SmartLock Compliance Mode Privilege Escalation Vulnerability in Dell PowerScale OneFS 8.1.0-9.1.0 Exposure of Information through Directory Listing Vulnerability in Dell EMC PowerScale OneFS Versions 9.1.0, 9.2.0.x, 9.2.1.x during Upgrade Denial of Service Vulnerability in Dell System Update (DSU) 1.9 and Earlier Versions Vulnerability in Oracle Internet Expenses: Unauthorized Data Manipulation Dell OpenManage Enterprise-Modular (OME-M) Security Bypass Vulnerability Authorization Bypass Vulnerability in Dell Unisphere for PowerMax Improper Management Server Validation Vulnerability in Dell Wyse ThinOS 8.6 MR9 Denial of Service Vulnerability in Wyse Management Suite Versions up to 3.2 Information Exposure Vulnerability in Dell Hybrid Client Versions Prior to 1.5 Critical Root-Level Access Vulnerability in Dell Hybrid Client Versions Prior to 1.5 Information Exposure Vulnerability in Dell Hybrid Client Versions Prior to 1.5 Information Exposure Vulnerability in Dell Hybrid Client Versions Prior to 1.5 Dell EMC iDRAC9 Improper Authentication Vulnerability Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Dell EMC iDRAC9 MySQL Server Denial of Service Vulnerability Stack-based Overflow Vulnerability in Dell EMC iDRAC9 DOM-based Cross-Site Scripting Vulnerability in Dell EMC iDRAC9 Stored Cross-Site Scripting Vulnerabilities in Dell EMC iDRAC9 Versions Prior to 4.40.10.00 Stored Cross-Site Scripting Vulnerabilities in Dell EMC iDRAC9 Versions Prior to 4.40.00.00 Improper Authentication Vulnerability in Dell EMC iDRAC9 Versions Prior to 4.40.00.00 Dell Peripheral Manager 1.3.1 or Greater Local Privilege Escalation Vulnerability Dell EMC NetWorker Information Disclosure in Log Files Vulnerability Plain-text password storage vulnerability in Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 
Improper Certificate Validation Vulnerability in Dell EMC Unisphere for PowerMax Cross-Site Request Forgery Vulnerability in Dell EMC XtremIO XMS Oracle One-to-One Fulfillment Unauthorized Data Manipulation Vulnerability Privilege Escalation Vulnerability in Dell EMC PowerScale OneFS 8.1.0-9.1.0 Insufficient Access Control Vulnerability in Dell dbutil_2_3.sys Driver Improper Authorization Vulnerability in Dell Wyse Windows Embedded Systems Dell PowerScale OneFS Incorrect User Management Vulnerability Stack-based Buffer Overflow Vulnerability in Dell PowerEdge and Precision BIOS with Intel Optane DC Persistent Memory Heap-based Buffer Overflow Vulnerability in Dell PowerEdge Server BIOS with NVDIMM-N Stack-based Buffer Overflow Vulnerability in Dell PowerEdge Server BIOS with NVDIMM-N Out-of-Bounds Array Access Vulnerability in Dell PowerEdge and Precision Rack BIOS Dell EMC NetWorker Information Disclosure Vulnerability Improper Certificate Validation in Dell EMC NetWorker Management Console Oracle Customers Online Vulnerability: Unauthorized Data Access and Modification Sensitive Information Exposure Vulnerability in Dell PowerScale OneFS Version 8.1.2 Untrusted Search Path Vulnerability in Dell EMC PowerScale OneFS Improper Check for Unusual or Exceptional Conditions in Dell EMC PowerScale OneFS Auditing Component Leading to Denial of Service Improper Authentication Vulnerability in Dell OpenManage Enterprise Denial of Service Vulnerability in Dell PowerScale OneFS Versions 9.1.0.3 and Earlier Dell PowerScale OneFS 9.1.0.x Privilege Escalation Vulnerability Insufficient Logging Vulnerability in Dell EMC PowerScale OneFS Versions 8.2.x - 9.2.x Dell NetWorker Path Traversal Vulnerability Oracle WebLogic Server TopLink Integration Unauthenticated Remote Code Execution Vulnerability Dell NetWorker Information Disclosure Vulnerability Dell UEFI BIOS HTTPS Stack Improper Certificate Validation Vulnerability Dell BIOSConnect Buffer Overflow Vulnerability: Bypassing UEFI 
Restrictions and Executing Arbitrary Code Dell BIOSConnect Buffer Overflow Vulnerability: Bypassing UEFI Restrictions and Executing Arbitrary Code Dell BIOSConnect Buffer Overflow Vulnerability: Bypassing UEFI Restrictions and Executing Arbitrary Code Observable Timing Discrepancy Vulnerability in Dell BSAFE Micro Edition Suite DOM-based Cross-Site Scripting Vulnerability in Dell EMC iDRAC9 DOM-based Cross-Site Scripting Vulnerability in Dell EMC iDRAC9 Open Redirect Vulnerability in Dell EMC iDRAC9 Versions Prior to 4.40.40.00 Open Redirect Vulnerability in Dell EMC iDRAC9 Versions Prior to 4.40.40.00 Vulnerability in Hyperion Financial Management: Unauthorized Data Access and Partial Denial of Service Content Spoofing / Text Injection Vulnerability in Dell EMC iDRAC8 and iDRAC9 Cross-Site Scripting (XSS) Vulnerability in Dell EMC iDRAC9 Information Disclosure Vulnerability in Dell OpenManage Enterprise and OpenManage Enterprise-Modular Dell OpenManage Enterprise OS Command Injection Vulnerability Absolute Path Traversal Vulnerability in Wyse Management Suite Versions 3.2 and Earlier Dell Wyse Management Suite Full Path Disclosure Vulnerability Cross-Site WebSocket Hijacking Vulnerability in Dell EMC PowerFlex Presentation Server/WebUI Privilege Escalation Vulnerability in Dell EMC Unity Storage Systems Unauthorized Read Access Vulnerability in Oracle PeopleSoft Enterprise CS Campus Community (9.2) Plain-text Password Storage Vulnerability in Dell EMC Unity, Unity XT, and UnityVSA Versions Prior to 5.1.0.0.5.394 Plain-text Password Storage Vulnerability in Dell EMC Unity, Unity XT, and UnityVSA Versions Prior to 5.1.0.0.5.394 Improper Exception Handling in Dell EMC PowerScale OneFS: Unauthorized Information Disclosure Vulnerability Dell PowerScale OneFS Sensitive Data Disclosure Vulnerability Privilege Escalation Vulnerability in Dell EMC PowerScale OneFS Remote Code Execution Vulnerability in Dell OpenManage Enterprise and OpenManage Enterprise Modular Sensitive 
Information Disclosure Vulnerability in Dell Wyse ThinOS 9.0 Sensitive Smartcard Data Disclosure Vulnerability in Dell Wyse ThinOS Critical OS Command Injection Vulnerability in Dell EMC PowerScale OneFS Versions 8.2.x - 9.2.1.x MySQL Server Denial of Service Vulnerability Uncontrolled Resource Consumption Vulnerability in Dell EMC NetWorker API Service Information Exposure in Log File Vulnerability in Dell EMC Data Protection Search and IDPA Arbitrary File Reading Vulnerability in Jenkins 2.274 and Earlier Cross-Site Scripting (XSS) Vulnerability in Jenkins 2.274 and Earlier Jenkins Old Data Monitor Injection Vulnerability Jenkins Vulnerability: Agent Name Override in Global `config.xml` File Improper Validation of Fingerprint ID in Jenkins LTS Versions Allows Path Enumeration Jenkins Memory Exhaustion Vulnerability Cross-Site Scripting (XSS) Vulnerability in Jenkins UI Button Labels Jenkins Access Control Vulnerability: Unauthorized Access to Restricted URLs Unauthenticated Access Vulnerability in Oracle Java SE, Java SE Embedded, and Oracle GraalVM Enterprise Edition Reflected Cross-Site Scripting (XSS) Vulnerability in Jenkins 2.274 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins 2.274 and Earlier Unencrypted Storage of Credentials in Jenkins TraceTronic ECU-TEST Plugin Cross-Site Scripting (XSS) Vulnerability in Jenkins TICS Plugin 2020.3.0.6 and Earlier Unencrypted Storage of Credentials in Jenkins Bumblebee HP ALM Plugin Arbitrary File Read Vulnerability in Jenkins 2.275 and LTS 2.263.2 Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Active Choices Plugin Jenkins Configuration Slicing Plugin CSRF Vulnerability: Unauthorized Configuration Modification Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Repository Connector Plugin 2.0.2 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Claim Plugin 2.18.1 and Earlier Vulnerability in MySQL Server Audit Plug-in Allows Unauthorized Data Manipulation 
Jenkins Claim Plugin 2.18.1 CSRF Vulnerability: Unauthorized Claim Modification Jenkins Support Core Plugin Information Disclosure Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Artifact Repository Parameter Plugin 1.0.0 and Earlier Incorrect Permission Check in Jenkins Matrix Authorization Strategy Plugin Allows Unauthorized Access to Nested Items Incorrect Permission Check in Jenkins Role-based Authorization Strategy Plugin Allows Unauthorized Access to Nested Items Jenkins CloudBees AWS Credentials Plugin Vulnerability: Unauthorized Enumeration of AWS Credentials Unauthenticated File Pattern Matching in Jenkins Warnings Next Generation Plugin Jenkins Libvirt Agents Plugin CSRF Vulnerability: Hypervisor Domain Stoppage Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Build With Parameters Plugin CSRF Vulnerability in Jenkins Build With Parameters Plugin 1.5 and Earlier Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition Unauthenticated Network Access Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Extra Columns Plugin Jenkins Cloud Statistics Plugin Vulnerability: Unauthorized Access to Provisioning Exception Error Messages Vulnerability: Unauthorized URL Connection in Jenkins OWASP Dependency-Track Plugin Jenkins OWASP Dependency-Track Plugin CSRF Vulnerability Unencrypted Storage of Passwords in Jenkins Jabber (XMPP) Notifier and Control Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins REST List Parameter Plugin 1.3.0 and Earlier Vulnerability: Enumeration of Credentials ID in Jenkins Team Foundation Server Plugin Vulnerability: Missing Permission Check in Jenkins Team Foundation Server Plugin CSRF Vulnerability in Jenkins Team Foundation Server Plugin Allows Unauthorized Access to Stored Credentials Jenkins Node Replacement Vulnerability MySQL Server Denial of Service Vulnerability Jenkins View Creation Vulnerability Jenkins Promoted Builds Plugin 3.9 and Earlier: Cross-Site 
Request Forgery (CSRF) Vulnerability Allows Unauthorized Build Promotion Jenkins Config File Provider Plugin 3.7.0 and earlier: XML External Entity (XXE) Vulnerability Jenkins Config File Provider Plugin 3.7.0 and earlier: Permission Check Bypass Vulnerability CSRF Vulnerability in Jenkins Config File Provider Plugin Allows Unauthorized Deletion of Configuration Files Jenkins Config File Provider Plugin 3.7.0 and earlier: Permission Bypass in HTTP Endpoints Arbitrary Code Execution in Jenkins Templating Engine Plugin Unauthenticated Build Scheduling Vulnerability in Jenkins CloudBees CD Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in Jenkins Credentials Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Dashboard View Plugin Information Disclosure Vulnerability in Jenkins S3 Publisher Plugin Jenkins S3 Publisher Plugin Information Disclosure Vulnerability Jenkins Xray - Test Management for Jira Plugin 2.4.0 CSRF Vulnerability Jenkins Xray Plugin Vulnerability: Unauthorized Enumeration of Credentials Jenkins P4 Plugin 1.11.4 and earlier: Unauthenticated Perforce Server Connection Vulnerability CSRF Vulnerability in Jenkins P4 Plugin Allows Unauthorized Perforce Server Access XML External Entity (XXE) Vulnerability in Jenkins Xcode Integration Plugin 2.0.14 and Earlier XML External Entity (XXE) Vulnerability in Jenkins Filesystem Trigger Plugin 0.40 and Earlier XML External Entity (XXE) Vulnerability in Jenkins Nuget Plugin 1.0 and Earlier Jenkins URLTrigger Plugin 0.48 and earlier vulnerable to XML External Entity (XXE) attacks MySQL Server Denial of Service Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Markdown Formatter Plugin Jenkins Kubernetes CLI Plugin 1.10.0 and earlier: Credential Enumeration Vulnerability Vulnerability: Credential Enumeration in Jenkins XebiaLabs XL Deploy Plugin Unauthenticated Remote Code Execution in Jenkins XebiaLabs XL Deploy Plugin Vulnerability: Unauthorized Access to Jenkins 
Credentials via XL Deploy Plugin CSRF Vulnerability in Jenkins XebiaLabs XL Deploy Plugin Allows Unauthorized Access to User Credentials Reflected Cross-Site Scripting (XSS) Vulnerability in Jenkins Kiuwan Plugin 1.6.0 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Scriptler Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Scriptler Plugin 3.1 and Earlier XML External Entity (XXE) Vulnerability in Jenkins Generic Webhook Trigger Plugin Oracle Solaris Common Desktop Environment Vulnerability: Unauthorized Takeover of System Unauthorized Cancellation and Abortion of Jenkins Jobs Session Persistence Vulnerability in Jenkins 2.299 and earlier, LTS 2.289.1 and earlier Jenkins Selenium HTML Report Plugin 1.0 and earlier - XML External Entity (XXE) Vulnerability Jenkins CAS Plugin 1.6.0 and Earlier Vulnerability: Phishing Attacks via Redirect URL Unauthenticated Access to Pending Requests in Jenkins requests-plugin Plugin 2.2.6 and Earlier CSRF Vulnerability in Jenkins requests-plugin Plugin 2.2.12 and Earlier Unauthenticated Test Email Sending Vulnerability in Jenkins requests-plugin Plugin Remote Code Execution Vulnerability in Jenkins Code Coverage API Plugin 1.4.0 and Earlier CSRF Bypass Vulnerability in Jenkins SAML Plugin 2.0.7 and Earlier Jenkins Azure AD Plugin CSRF Bypass Vulnerability Jenkins Nested View Plugin XML External Entity (XXE) Vulnerability Unencrypted Storage of Docker Passwords in Jenkins Nomad Plugin Jenkins Trailing Dot Character Vulnerability Path Traversal Vulnerability in Jenkins File Browser Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Git Plugin 4.8.2 and Earlier Unauthenticated Directory Creation Vulnerability in Jenkins File Path Filter Bypass in Jenkins Agent-to-Controller Security Subsystem Unarchiving Symbolic Links Vulnerability in Jenkins Unrestricted Read Access Vulnerability in Jenkins 2.318 and Earlier Lack of Access Control in Jenkins 2.318 and Earlier: FilePath#unzip and 
FilePath#untar Vulnerability MySQL Server Denial of Service Vulnerability Bypassing File Path Filtering in Jenkins 2.318 and Earlier Unrestricted Symbolic Link Creation Vulnerability in Jenkins Insufficient Permission Check in FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier Insecure Temporary File Creation in Jenkins 2.318 and Earlier Lack of Permission Checks in FilePath Methods in Jenkins 2.318 and Earlier Unrestricted Access to Files via Symbolic Links in Jenkins Unsandboxed Code Execution Vulnerability in Jenkins Jenkins Vulnerability: Unrestricted Access to Build Directories Unrestricted File Name Lookup Vulnerability in Jenkins Subversion Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Active Choices Plugin MySQL Server Denial of Service Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Scriptler Plugin XML External Entity (XXE) Vulnerability in Jenkins Performance Plugin 3.20 and Earlier Null Pointer Dereference Vulnerability in PHP SOAP Extension Privilege Escalation Vulnerability in PHP FPM SAPI Firebird PDO Driver Extension Vulnerability: Remote Code Execution and Denial of Service URL Validation Bypass Vulnerability in PHP Versions 7.3.x, 7.4.x, and 8.0.x ZipArchive::extractTo Vulnerability: Arbitrary File Write in PHP XML Parsing Vulnerability in PHP Versions 7.3.x, 7.4.x, and 8.0.x Memory Corruption and Remote Code Execution Vulnerability in PHP FILTER_VALIDATE_FLOAT MySQL Server Replication Vulnerability: Unauthorized Hang and Crash MySQL Server Denial of Service Vulnerability Information Leak Vulnerability in ZTE Smart STB (ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom) ZTE Products DoS Vulnerability: Memory Leak Leading to Device Denial of Service Memory Leak Vulnerability in ZTE ZXR10 8900E (Versions up to V3.03.20R2B30P1) ZXHN H196Q V9.1.0C2 Information Leak Vulnerability ZTE Products Diagnostic Function Interface Input Verification Vulnerability IPv6 
Packet Amplification DoS Vulnerability in ZTE ZXHN F623 (All versions up to V6.0.0P3T33) ZTE ZXA10 C300M Configuration Error Vulnerability CSRF Vulnerability in ZTE Products: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5 and ZXHN H108N V2.5.5_BTMT1 Oracle Database Server Recovery Component Unauthorized Read Access Vulnerability ZXHN H168N V3.5.0_TY.T6 Improper Access Control Vulnerability CSRF Vulnerability in ZTE ZXCLOUD iRAI Management Page Improper Access Control Vulnerability in ZTE Axon 11 5G: Unauthorized File Access ZXCDN Management System Information Leak Vulnerability Plaintext Storage of Sensitive Information in ZTE PON MDU Devices ZXHN H168N Information Leak Vulnerability Permission and Access Control Vulnerability in ZTE ZXHN HS562 Smart Camera ZTE Smart STB Product Vulnerability: System Tampering and Customization Exploitation Reflective Cross-Site Scripting (XSS) Vulnerabilities in ZTE's Big Video Business Platform Unauthenticated Optical Module Replacement Vulnerability in ZTE's ZXCTN 6120H V5.10.00B24 MySQL Server Denial of Service Vulnerability Information Leak Vulnerability in ZTE Residential Gateway's Digital Media Player ZTE Conference Management System Command Execution Vulnerability ZTE Mobile Phone Message Service App Information Leak Vulnerability ZTE MF971R Product CRLF Injection Vulnerability ZTE MF971R Configuration File Control Vulnerability Referer Authentication Bypass Vulnerability in ZTE MF971R ZTE MF971R Product Reflective XSS Vulnerability: Cookie Information Exposure ZTE MF971R Product Reflective XSS Vulnerability: Cookie Information Exposure Critical Stack-Based Buffer Overflow Vulnerabilities in ZTE MF971R: Risk of Arbitrary Code Execution Critical Stack-Based Buffer Overflow Vulnerabilities in ZTE MF971R: Risk of Arbitrary Code Execution Database Vault Access Control Bypass Vulnerability Privilege Escalation Vulnerability in ZTE BigVideo Analysis Product Input Verification Vulnerability in ZTE BigVideo Analysis Product Oracle Secure 
Global Desktop 5.6 Vulnerability: Unauthenticated Takeover Use-After-Free Vulnerability in lib3mf 2.0.0 Allows Code Execution via Crafted 3MF File Accusoft ImageGear 19.8 TIFF Header Count Out-of-Bounds Write Vulnerability Use-After-Free Vulnerability in WebKitGTK 2.30.4 Allows Information Leak and Memory Corruption Accusoft ImageGear 19.8 SGI Format Buffer Size Processing Out-of-Bounds Write Vulnerability Ethernet/IP UDP Handler Information Disclosure Vulnerability Denial of Service Vulnerability in lib60870.NET 2.2.0 Allows Loss of Communications Use-After-Free Vulnerability in WebKitGTK 2.30.4: Information Leak and Memory Corruption MySQL Server Replication Vulnerability: Unauthorized Hang and Crash Information Disclosure Vulnerability in ARM SIGPAGE Functionality of Linux Kernel Accusoft ImageGear 19.8 SGI Format Buffer Size Processing Out-of-Bounds Write Vulnerability Remote Code Execution Vulnerability in Genivia gSOAP 2.8.107 WS-Addressing Plugin Accusoft ImageGear 19.8: JPG Format SOF Marker Out-of-Bounds Write Vulnerability Information Disclosure Vulnerability in IOBit Advanced SystemCare Ultimate 14.2.0.220 Privilege Escalation Vulnerability in IOBit Advanced SystemCare Ultimate 14.2.0.220 Privilege Escalation Vulnerability in IOBit Advanced SystemCare Ultimate 14.2.0.220 Driver Privilege Escalation via IOBit Advanced SystemCare Ultimate 14.2.0.220 Driver IOCTL Handling Privilege Escalation Vulnerability in IOBit Advanced SystemCare Ultimate 14.2.0.220 Driver MySQL Server Group Replication Plugin Denial of Service Vulnerability Information Disclosure Vulnerability in IOBit Advanced SystemCare Ultimate 14.2.0.220 Driver Information Disclosure Vulnerability in IOBit Advanced SystemCare Ultimate 14.2.0.220 Driver Information Disclosure Vulnerability in IOBit Advanced SystemCare Ultimate 14.2.0.220 Driver Accusoft ImageGear 19.8 and 19.9 - JPG sof_nb_comp Header Out-of-Bounds Write Vulnerability Accusoft ImageGear 19.9 TIF bits_per_sample Out-of-Bounds Write 
Vulnerability Accusoft ImageGear 19.9 PSD read_icc_icCurve_data Heap-Based Buffer Overflow Vulnerability Use-After-Free Vulnerability in Nitro Pro PDF's JavaScript Implementation Double-Free Vulnerability in Nitro Pro PDF Allows for Code Execution Nitro Pro PDF JavaScript Stack Variable Address Out-of-Scope Vulnerability Cross-Site Scripting (XSS) Vulnerability in Advantech R-SeeNet v2.4.12 (telnet_form.php) MySQL Server Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Advantech R-SeeNet v2.4.12 (20.10.2020) SSH Form Arbitrary JavaScript Code Execution in Advantech R-SeeNet's device_graph_page.php Arbitrary JavaScript Code Execution in Advantech R-SeeNet's device_graph_page.php Arbitrary JavaScript Code Execution in Advantech R-SeeNet's device_graph_page.php Local File Inclusion (LFI) Vulnerability in Advantech R-SeeNet v2.4.12 (20.10.2020) options.php Script OS Command Injection Vulnerability in Advantech R-SeeNet v2.4.12 (20.10.2020) Use-After-Free Remote Code Execution Vulnerability in WebKitGTK Browser Integer Overflow Vulnerability in Accusoft ImageGear 19.9 DICOM parse_dicom_meta_info Functionality Accusoft ImageGear 19.9 PNG png_palette_process Heap Buffer Overflow Vulnerability Command Execution Vulnerability in Moodle 3.10 Legacy Spellchecker Plugin Oracle Document Management and Collaboration Product Vulnerability Heap Buffer Overflow in AT&T Labs’ Xmill 0.7 XML Parsing Heap Buffer Overflow in AT&T Labs’ Xmill 0.7 XML Parsing Stack-based Buffer Overflow in HandleFileArg Functionality of AT&T Labs' Xmill 0.7 Stack-buffer overflow vulnerability in HandleFileArg function Arbitrary Null Write Vulnerability in HandleFileArg Function Stack-based Buffer Overflow in Xmill 0.7's HandleFileArg Functionality Syslog Information Disclosure Vulnerability in D-LINK DIR-3040 1.13B03 Zebra IP Routing Manager Information Disclosure Vulnerability in D-LINK DIR-3040 1.13B03 Hard-coded Password Vulnerability in D-LINK DIR-3040 1.13B03: Exploiting 
the Zebra IP Routing Manager for Denial of Service Arbitrary Command Execution Vulnerability in D-LINK DIR-3040 1.13B03 Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Hard-coded Password Vulnerability in D-LINK DIR-3040 1.13B03's Libcli Test Environment Accusoft ImageGear 19.9 PDF Process_Fontname Stack-Based Buffer Overflow Vulnerability Use-After-Free Vulnerability in Foxit PDF Reader 10.1.3.37598 Allows Arbitrary Code Execution Friend Finder Information Disclosure Vulnerability Accusoft ImageGear 19.9 JPG Handle_JPEG420 Out-of-Bounds Write Vulnerability Heap-based Buffer Overflow in Xmill 0.7 XML Decompression Functionality Heap-Based Buffer Overflow in AT&T Labs Xmill 0.7 XML Decompression DecodeTreeBlock Functionality Heap-Based Buffer Overflow in AT&T Labs Xmill 0.7 XML Decompression DecodeTreeBlock Functionality Heap-Based Buffer Overflow in AT&T Labs Xmill 0.7 XML Decompression DecodeTreeBlock Functionality Heap-based Buffer Overflow in XML Decompression EnumerationUncompressor::UncompressItem Functionality of Xmill 0.7 Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Heap-based Buffer Overflow in XML Decompression LabelDict::Load Functionality of Xmill 0.7 Use-After-Free Vulnerability in Foxit PDF Reader 10.1.3.37598 Allows Arbitrary Code Execution ISO Parsing Functionality Memory Corruption Vulnerability in Daemon Tools Pro 8.3.0.0767 Out-of-Bounds Write Vulnerability in Accusoft ImageGear 19.9 Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Oracle iStore 
Product Vulnerability: Unauthorized Access and Data Compromise Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 MPEG-4 Decoding Functionality Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 MPEG-4 Decoder Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 MPEG-4 Decoder Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Integer Truncation Vulnerability in GPAC Project on Advanced Content Library v1.0.1 Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Heap-based Buffer Overflow in GPAC Project on Advanced 
Content Library v1.0.1 Heap-based Buffer Overflow in GPAC Project on Advanced Content Library v1.0.1 Heap-based Buffer Overflow in GPAC MPEG-4 Decoding Functionality Unsafe Deserialization Vulnerability in CODESYS Development System 3.5.16 and 3.5.17 Unsafe Deserialization Vulnerability in CODESYS Development System 3.5.16 and 3.5.17 Unsafe Deserialization Vulnerability in CODESYS Development System 3.5.16 Allows Arbitrary Command Execution Arbitrary Command Execution via Unsafe Deserialization in CODESYS Development System 3.5.16 and 3.5.17 Unsafe Deserialization Vulnerability in CODESYS Development System 3.5.16 and 3.5.17 Unsafe Deserialization Vulnerability in CODESYS Development System 3.5.16 and 3.5.17 Unsafe Deserialization Vulnerability in CODESYS Development System 3.5.16 and 3.5.17 Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Use-After-Free Vulnerability in Foxit PDF Reader 10.1.4.37651 Memory Corruption Vulnerability in PowerISO 7.9 DMG File Format Handler OS Command Injection in Lantronix PremierWave 2050 8.9.0.0R4 Web Manager Diagnostics: Traceroute Functionality Arbitrary Command Execution in RSA Keypasswd Parameter via Specially-Crafted HTTP Request Arbitrary Command Execution in DSA KeyPasswd Parameter Arbitrary Command Execution in EC Keypasswd Parameter via Specially-Crafted HTTP Request Arbitrary Command Execution in PUT Requests via Specially-Crafted HTTP Requests Arbitrary Command Execution via Specially-Crafted HTTP GET Requests Local File Inclusion Vulnerability in Lantronix PremierWave 2050 8.9.0.0R4 Web Manager Applications and FsBrowse Functionality Directory Traversal Vulnerability in Lantronix PremierWave 2050 8.9.0.0R4 Web Manager File Upload Functionality Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Directory Traversal Vulnerability in Lantronix PremierWave 2050 8.9.0.0R4 Web Manager FsCopyFile Functionality OS Command Injection Vulnerability in Lantronix PremierWave 2050 
8.9.0.0R4 Web Manager Wireless Network Scanner OS Command Injection in Lantronix PremierWave 2050 8.9.0.0R4 Web Manager FsUnmount Functionality OS Command Injection in Lantronix PremierWave 2050 8.9.0.0R4 Web Manager Diagnostics: Ping Functionality OS Command Injection in Lantronix PremierWave 2050 8.9.0.0R4 Web Manager SslGenerateCSR Functionality Directory Traversal Vulnerability in Lantronix PremierWave 2050 Web Manager FsMove Functionality Directory Traversal Vulnerability in Lantronix PremierWave 2050 8.9.0.0R4 Web Manager FSBrowsePage Functionality Stack-based Buffer Overflow in Lantronix PremierWave 2050 Web Manager SslGenerateCSR Functionality OS Command Injection in Lantronix PremierWave 2050 Web Manager SslGenerateCertificate Functionality Stack-based Buffer Overflow in Lantronix PremierWave 2050 Web Manager Ping Functionality Oracle Sales Offline Product Vulnerability: Unauthorized Hang and Crash Exploit Stack-based Buffer Overflow in Lantronix PremierWave 2050 Web Manager FsBrowseClean Functionality Stack-based Buffer Overflow in Lantronix PremierWave 2050 Web Manager FsBrowseClean Functionality Stack-based Buffer Overflow in Lantronix PremierWave 2050 Web Manager FsUnmount Functionality Use-After-Free Vulnerability in Foxit PDF Reader 11.0.0.49893 Allows Arbitrary Code Execution Directory Traversal Vulnerability in Lantronix PremierWave 2050 8.9.0.0R4 (QEMU) Web Manager FsTFtp Functionality Directory Traversal Vulnerability in Lantronix PremierWave 2050 8.9.0.0R4 (QEMU) Allows for FsTFtp File Overwrite Arbitrary File Deletion Vulnerability in Lantronix PremierWave 2050 8.9.0.0R4 Heap Buffer Overflow in Ribbonsoft dxflib 3.17.0's DL_Dxf::handleLWPolylineData Functionality Out-of-Bounds Write Vulnerability in LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580 Heap Buffer Overflow in LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580 Oracle Sales Offline Product Vulnerability: Unauthorized Hang and Crash Exploit Use-after-free vulnerability in dxfRW::processLType() function 
of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580 Stack-based Buffer Overflow in Garrett Metal Detectors' iC Module CMA Version 5.0 Authentication Bypass Vulnerability in Garrett Metal Detectors iC Module CMA Version 5.0 Stack-based Buffer Overflow in Garrett Metal Detectors' iC Module CMA Version 5.0 Directory Traversal Vulnerability in Garrett Metal Detectors' iC Module CMA Version 5.0 Stack-based Buffer Overflow Vulnerability in Garrett Metal Detectors iC Module CMA Version 5.0 Stack-based Buffer Overflow in Garrett Metal Detectors iC Module CMA Version 5.0 Directory Traversal Vulnerability in Garrett Metal Detectors' iC Module CMA Version 5.0 Arbitrary File Deletion via Command Line Arguments Arbitrary File Deletion Vulnerability in del .cnt|.log Command Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access and Manipulation Privilege Escalation Vulnerability in Advantech R-SeeNet 2.4.15 (Windows Installation) Privilege Escalation Vulnerability in Advantech R-SeeNet 2.4.15 (Windows Installation) Privilege Escalation Vulnerability in Advantech R-SeeNet 2.4.15 (Windows Installation) WiFi Smart Mesh Functionality Information Disclosure Vulnerability in D-LINK DIR-3040 1.13B03 Heap-based Buffer Overflow in Accusoft ImageGear 19.10 DecoderStream::Append Functionality SQL Injection Vulnerability in Advantech R-SeeNet 2.4.15 (30.07.2021) - Group List Page SQL Injection Vulnerability in Advantech R-SeeNet 2.4.15 (30.07.2021) via 'description_filter' Parameter SQL Injection Vulnerability in Advantech R-SeeNet 2.4.15 (30.07.2021) on 'group_list' Page SQL Injection Vulnerability in 'name_filter' Parameter with Super-Administrator Account SQL Injection Vulnerability in HTTP Request Parameter 'ord' Oracle Solaris Kernel Vulnerability: Unauthorized Access and Denial of Service SQL Injection Vulnerability in 'surname_filter' Parameter SQL Injection Vulnerability in 'name_filter' Parameter SQL Injection Vulnerability in 'username_filter' Parameter 
SQL Injection Vulnerability in 'company_filter' Parameter SQL Injection Vulnerability in 'desc_filter' Parameter SQL Injection Vulnerability in 'firm_filter' Parameter SQL Injection Vulnerability in 'health_filter' Parameter SQL Injection Vulnerability in 'loc_filter' Parameter SQL Injection Vulnerability in 'mac_filter' Parameter SQL Injection Vulnerability in 'prod_filter' Parameter MySQL Server Denial of Service Vulnerability SQL Injection Vulnerability in 'sn_filter' Parameter SQL Injection Vulnerability in stat_filter Parameter SQL Injection Vulnerability in 'name_filter' Parameter SQL Injection Vulnerability in 'esn_filter' Parameter SQL Injection Vulnerability in 'imei_filter' Parameter SQL Injection Vulnerability in host_alt_filter2 Parameter SQL Injection Vulnerability in 'health_alt_filter' Parameter SQL Injection Vulnerability in 'host_alt_filter' Parameter Accusoft ImageGear 19.10 Palette Box Parser Heap-Based Buffer Overflow Vulnerability Accusoft ImageGear 19.10 XWD Parser Heap-Based Buffer Overflow Vulnerability MySQL Server Denial of Service Vulnerability Heap-Based Buffer Overflow in Anker Eufy Homebase 2 2.1.6.9h's pushMuxer processRtspInfo Functionality Use-After-Free Vulnerability in Anker Eufy Homebase 2 2.1.6.9h: Remote Code Execution Accusoft ImageGear 19.10 TIFF YCbCr Image Parser Out-of-Bounds Write Remote Code Execution Vulnerability Accusoft ImageGear 19.10 XWD Parser Heap-Based Buffer Overflow Vulnerability Heap-Based Buffer Overflow in Accusoft ImageGear 19.10 TIFF Parser Heap-Based Buffer Overflow in Accusoft ImageGear 19.10 TIFF Parser Functionality Heap-based Buffer Overflow in Accusoft ImageGear 19.10 JPEG-JFIF Lossless Huffman Image Parser Heap-Based Buffer Overflow in Accusoft ImageGear 19.10 JPEG-JFIF Lossless Huffman Image Parser Heap-Based Buffer Overflow in AnyCubic Chitubox AnyCubic Plugin 1.0.0 JPEG-JFIF Scan Header Parser Out-of-Bounds Write Vulnerability in Accusoft ImageGear 19.10 Vulnerability in Oracle Partner 
Management of Oracle E-Business Suite: Unauthorized Access and Data Compromise Out-of-Bounds Write Vulnerability in Anker Eufy Homebase 2 2.1.6.9h Out-of-Bounds Write Vulnerability in Anker Eufy Homebase 2 2.1.6.9h Authentication Bypass Vulnerability in Anker Eufy Homebase 2 2.1.6.9h Authentication Bypass Vulnerability in Anker Eufy Homebase 2 2.1.6.9h Command Execution Vulnerability in Anker Eufy Homebase 2 2.1.6.9h Authentication Bypass Vulnerability in Anker Eufy Homebase 2 2.1.6.9h Allows Password Recovery via Network Sniffing PHP Unserialize Vulnerability in CloudLinux Inc Imunify360 5.10.2: Arbitrary Command Execution Dream Report ODS Remote Connector 20.2.16900.0 Privilege Escalation via Command Injection Heap-based Buffer Overflow Vulnerability in Hancom Office 2020 11.0.0.2353 MQTTS Misconfiguration in SeaConnect 370W v1.3.34: Enabling Man-in-the-Middle Attacks and Device Takeover MySQL Server Denial of Service Vulnerability Stack-based Buffer Overflow Vulnerability in Sealevel Systems SeaConnect 370W v1.3.34 Stack-based Buffer Overflow Vulnerability in Sealevel Systems SeaConnect 370W v1.3.34 NBNS Functionality Heap-based Buffer Overflow in SeaConnect 370W v1.3.34 OTA Update u-download Functionality SeaConnect 370W v1.3.34 Web Server Information Disclosure Vulnerability Denial of Service Vulnerability in Sealevel Systems SeaConnect 370W v1.3.34 Modbus Configuration Denial of Service Vulnerability in SeaMax Remote Configuration Functionality of SeaConnect 370W v1.3.34 Uninitialized Read Vulnerability in Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0 HTTP Server Out-of-Bounds Write Vulnerability in Sealevel Systems SeaConnect 370W v1.3.34 OTA Update Task Sealevel Systems SeaConnect 370W v1.3.34 - OTA Update Task Arbitrary File Write Vulnerability Out-of-Bounds Write Vulnerability in Sealevel Systems SeaConnect 370W v1.3.34 Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Out-of-bounds write vulnerability in 
HandleSeaCloudMessage function of Sealevel Systems, Inc. SeaConnect 370W v1.3.34 Out-of-Bounds Write Vulnerability in Sealevel Systems SeaConnect 370W v1.3.34 MQTT URL_decode Functionality vSphere Client (HTML5) Remote Code Execution Vulnerability vSphere Client (HTML5) SSRF Vulnerability in vCenter Server Plugin Heap-Overflow Vulnerability in OpenSLP Service Allows Remote Code Execution CVE-2021-21975: vRealize Operations Manager API Server Side Request Forgery Vulnerability vSphere Replication Remote Code Execution Vulnerability Remote Code Execution Vulnerability in VMware View Planner 4.x prior to 4.6 Security Patch 1 Fixed APP_KEY Vulnerability in Bitnami Laravel Containers Vulnerability in Oracle Knowledge Management of Oracle E-Business Suite: Unauthorized Access and Data Compromise Unauthorized Arbitrary File Read Vulnerability in vSphere Web Client VMware NSX-T Privilege Escalation Vulnerability Authentication Bypass Vulnerability in VMware Carbon Black Cloud Workload Appliance Arbitrary File Write Vulnerability in vRealize Operations Manager API (CVE-2021-21983) Remote Code Execution Vulnerability in VMware vRealize Business for Cloud 7.x prior to 7.6.0 vSphere Client (HTML5) Remote Code Execution Vulnerability in Virtual SAN Health Check Plug-in Unauthenticated Access Vulnerability in vSphere Client (HTML5) Plug-ins Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon Client for Windows Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon Client for Windows Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon Client for Windows Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Cross-Site Scripting Vulnerability in VMware Workspace ONE UEM Console Local Privilege Escalation Vulnerability in vCenter Server vCenter Server Denial-of-Service Vulnerability through Improper XML Entity Parsing vCenter Server SSRF Vulnerability in Content Library Allows Information Disclosure ESXi SFCB 
Authentication Bypass Vulnerability OpenSLP Heap Out-of-Bounds Read Denial-of-Service Vulnerability in ESXi Root-level File System Access Vulnerability in SaltStack Salt Denial-of-Service Vulnerability in VMware Tools for Windows (11.x.y prior to 11.3.0) Authentication Bypass Vulnerability in VMware Carbon Black App Control Local Privilege Escalation Vulnerability in VMware Tools, VMware Remote Console, and VMware App Volumes Oracle Applications Framework Home Page Unauthenticated Access Vulnerability DLL Hijacking Vulnerability in VMware ThinApp 5.x Sensitive Information Disclosure in UAA Server: Identity Provider Deletion Vulnerability Vulnerability: Unauthorized Access and Authentication Bypass in VMware Workspace ONE Access and Identity Manager Unintended Login Interface on Port 7443 in VMware Workspace ONE Access and Identity Manager Vulnerability: Unauthorized Configuration File Usage in SaltStack Salt Installer Arbitrary File Upload Vulnerability in vCenter Server Analytics Service Reverse Proxy Bypass Vulnerability in vCenter Server Allows Unauthorized Endpoint Access Local Information Disclosure Vulnerability in vCenter Server Analytics Service VAPI Information Disclosure Vulnerability in vCenter Server vCenter Server VAPI Denial-of-Service Vulnerabilities MySQL Server Vulnerability: Unauthorized Hang and Crash vCenter Server Denial-of-Service Vulnerability in VPXD Service Unauthenticated API Endpoint Vulnerability in vCenter Server Content Library Allows Unauthorized VM Network Setting Manipulation Unauthenticated Appliance Management API in vCenter Server Allows Information Disclosure vCenter Server File Path Traversal Vulnerability: Information Disclosure in Appliance Management API Authenticated Code Execution Vulnerability in vCenter Server's VAMI Local Privilege Escalation Vulnerabilities in vCenter Server Appliance vCenter Server Reflected Cross-Site Scripting Vulnerability Improper URI Normalization in Rhttproxy Allows Bypassing Proxy and Accessing 
Internal Endpoints Arbitrary File Deletion Vulnerability in vCenter Server's vSphere Life-cycle Manager Plug-in vCenter Server VAPI Denial-of-Service Vulnerability MySQL Server Replication Vulnerability: Unauthorized Hang and Crash vCenter Server Analytics Service Denial-of-Service Vulnerability Cross Site Scripting (XSS) Vulnerability in VMware vRealize Log Insight (8.x prior to 8.4) Arbitrary File Read Vulnerability in vRealize Operations Manager API (8.x prior to 8.5) Insecure Object Reference Vulnerability in vRealize Operations Manager API (8.x prior to 8.5) Allows Account Takeover Arbitrary Log File Read Vulnerability in vRealize Operations Manager API (8.x prior to 8.5) Unauthenticated API Access Vulnerability in vRealize Operations Manager API (8.x prior to 8.5) Server Side Request Forgery (SSRF) Vulnerability in vRealize Operations Manager API (8.x prior to 8.5) Allows Information Disclosure Server Side Request Forgery (SSRF) Vulnerability in vRealize Operations Manager API (8.x prior to 8.5) Allows Information Disclosure File Path Traversal Vulnerability in Greenplum Database: Information Disclosure and File System Manipulation Denial of Service Vulnerability in VMware Workspace ONE UEM REST API MySQL Server Vulnerability: Unauthorized Hang and Crash Sensitive Credential Information Leakage in Greenplum Database Logs VMware vRealize Operations 8.6 SSRF Vulnerability Information Disclosure Vulnerability in VMware vRealize Operations Tenant App 8.6 CSV Injection Vulnerability in VMware vRealize Log Insight (8.x prior to 8.6) Open Redirect Vulnerability in VMware vRealize Orchestrator (8.x prior to 8.6) Path Interception by Search Order Hijacking in InstallBuilder Windows Installers Unprivileged Binary Replacement Vulnerability in Windows Installers Oracle WebLogic Server Unauthenticated Read Access Vulnerability Use-After-Free Vulnerability in VMware XHCI USB Controller Allows Code Execution Double-fetch vulnerability in UHCI USB controller allows code 
execution in VMware virtual machines Unauthorized Access Vulnerability in VMware ESXi: Exploiting VMX Privileges to Access High-Privileged settingsd Service VMware ESXi Privilege Escalation via TOCTOU Vulnerability Involuntary Endpoint Exposure in Spring Cloud OpenFeign Heap-Overflow Vulnerability in VMware CD-ROM Device Emulation Unauthorized Access to Custom Controllers in Spring Data REST vCenter Server Privilege Escalation via IWA Authentication Vulnerability vSphere Web Client vSAN UI Plug-in SSRF Vulnerability Oracle Marketing Product Vulnerability: Unauthorized Access and Data Manipulation ESXi rhttpproxy Denial-of-Service Vulnerability Vulnerability: Request Smuggling in Spring Cloud Gateway Code Execution Vulnerability in Spring Cloud Netflix Hystrix Dashboard SSRF Vulnerability in VMware Workspace ONE UEM Console Remote Log Injection Vulnerability in SchedulerServer of VMware Photon SSRF Vulnerability in VMware Workspace ONE Access and Identity Manager Authentication Bypass Vulnerability in VMware Workspace ONE Access Oracle Trade Management Product Vulnerability: Unauthorized Access and Data Compromise Log Injection Vulnerability in Spring Framework Oracle Database - Enterprise Edition RMAN Privilege Escalation Vulnerability MySQL Server Vulnerability: Unauthorized Hang and Crash Oracle Email Center Product Vulnerability: Unauthorized Access and Data Compromise Out-of-Memory Error Vulnerability in Spring AMQP Message toString() Method Log Injection Vulnerability in Spring Framework Deserialization-based Denial of Service in Spring AMQP Open Redirect Vulnerability in UAA Server Versions Prior to 75.4.0 Oracle Trade Management Product Vulnerability: Unauthorized Access and Data Compromise Denial-of-Service Vulnerability in Cloud Foundry CAPI Versions Prior to 1.122 Unauthenticated Denial of Service (DoS) Vulnerability in Cloud Controller Versions Prior to 1.118.0 Unauthenticated Remote Code Execution Vulnerability in Oracle WebLogic Server Privilege 
Escalation Vulnerability in Spring Security Bypassing Sensitive Headers Restriction in Spring Cloud Netflix Zuul 2.2.6.RELEASE and Below Arbitrary File Write Vulnerability in Spring-integration-zip (CVE-2018-1263) Insecure Logging of Service Broker Credentials in Cloud Controller API Denial of Service Vulnerability in RabbitMQ AMQP 1.0 Client Connection Endpoint Insecure Plugin Directory Permissions in RabbitMQ Installers on Windows Privilege Escalation in Spring Framework WebFlux Application Denial-of-Service (DoS) Vulnerability in Spring Security OAuth 2.0 Client Web and WebFlux Applications MySQL Server Denial of Service Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in FortiWeb GUI Interface FortiWeb Management Interface OS Command Injection Vulnerability Uncontrolled Resource Consumption (Denial of Service) Vulnerability in FortiSandbox and FortiAuthenticator Command Execution Vulnerability in FortiSandbox Sniffer Module Arbitrary Code Execution via Network Name Trickery in FortiClient for Linux Improper Access Control Vulnerability in FortiProxy SSL VPN Portal Buffer Overflow Vulnerability in FortiMail Webmail and Administrative Interface MySQL Server Denial of Service Vulnerability Stack-based Buffer Overflow Vulnerability in FortiProxy Physical Appliance CLI Certificate Validation Vulnerability in Fortinet FortiToken Applications Information Disclosure Vulnerability in Elasticsearch 7.7.0 to 7.10.1 Async Search API Sensitive HTTP Header Information Leakage in Elastic APM Agent for Go Versions Before 1.11.0 Elasticsearch Document Disclosure Vulnerability Document Disclosure Vulnerability in Elasticsearch Suggester and Profile API Kibana Session Timeout Bypass Vulnerability Elasticsearch Document Disclosure Vulnerability TLS Certificate Validation Flaw in Logstash Monitoring Feature Denial of Service Vulnerability in Kibana Webhook Actions Oracle WebLogic Server Console Unauthorized Access Vulnerability XML External Entity Injection (XXE) 
Vulnerability in Elastic App Search Web Crawler Beta Feature Open Redirect Vulnerability in Kibana Versions Before 7.13.0 and 6.8.16 Kibana Chromium Browser Vulnerability Vulnerability: Information Leakage of Sensitive HTTP Headers in Elastic APM .NET Agent Elasticsearch Grok Parser Uncontrolled Recursion Denial of Service Vulnerability Memory Disclosure Vulnerability in Elasticsearch 7.10.0 to 7.13.3 Error Reporting Default Enabled Anonymous User in Elastic Cloud Enterprise Allows for Unauthorized Access Elasticsearch Searchable Snapshots Unauthorized Access Vulnerability API Key Misconfiguration in Elastic Enterprise Search App Search API Key Authorization Bypass in Elastic Enterprise Search App Search Versions Prior to 7.14.0 MySQL Server Stored Procedure Denial of Service Vulnerability Insecure Package Upload Vulnerability in Fleet Admin Permissions Arbitrary File Loading Vulnerability in Kibana Denial of Service Vulnerability in BlackBerry UEM Management Console Remote Code Execution Vulnerability in BlackBerry UEM Management Console Information Disclosure Vulnerability in BlackBerry UEM Management Console Allows Unauthorized Access to Web History Authentication Bypass Vulnerability in BlackBerry Workspaces Server Allows Unauthorized Access Integer Overflow Vulnerability in calloc() Function of BlackBerry QNX Software Development Platform (SDP) and QNX OS Stored XSS Vulnerability in Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 XML External Entity (XXE) Injection in Proofpoint Insider Threat Management Server Web Console Proofpoint Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Apache Pulsar JSON Web Token (JWT) Signature Validation Bypass Vulnerability IPv6 Routing Loop Vulnerability in OpenWrt 19.07.x Prometheus Denial of Service Vulnerability in GitLab 13.7+ GitLab Vulnerability: Temporary Read Access 
to Private Repository via Incorrect Headers Critical Vulnerability: Regular Expression Denial of Service in NuGet API of GitLab 12.8+ GitLab EE 13.4 or Later: Internal IP Address Leakage Vulnerability MySQL Server Stored Procedure Denial of Service Vulnerability Nonce Reuse Vulnerability in GitLab 11.6+: Decrypting Encrypted Database Content GitLab Pages Authentication Parameter Vulnerability Unauthorized Access to Tag Data on GitLab Releases Page USB HID Dissector Memory Leak Vulnerability in Wireshark 3.4.0 to 3.4.2 USB HID Dissector Denial of Service Vulnerability in Wireshark 3.4.0 to 3.4.2 Server-Side Request Forgery Vulnerability in GitLab Allows Unauthenticated Attackers to Exploit Webhook Requests Improper Access Control in GitLab Allows Demoted Project Members to Access Authored Merge Request Details GitLab CE/EE 12.6.0 and Above: DoS Vulnerability in gitlab-shell GitLab Vulnerability: SSRF Attack via Prometheus Integration SSRF Vulnerability in GitLab's Outbound Requests Feature Vulnerability in Oracle PeopleSoft: Unauthorized Access and Data Manipulation Improper Access Control Vulnerability in GitLab Allows Unauthorized Access to Analytic Pages Recursive Pipeline Denial of Service Vulnerability in GitLab CE/EE Stored XSS Vulnerability in GitLab Merge Request Stored XSS Vulnerability in GitLab's Epics Page Unredacted Sensitive Information Disclosure in GitLab 12.8 and above Stored Cross-Site Scripting (XSS) Vulnerability in GitLab Wikis (Version 13.8+) Group Maintainer Privilege Escalation in GitLab CE/EE Version 9.4 and Up GitLab Vulnerability: Resource Exhaustion Allows Jobs to Continue After Project Deletion Confidential Issue Title Disclosure in GitLab via Branch Logs Certificate Validation Vulnerability in GitLab CE/EE Editions Leads to Authentication Issues with Fortinet OTP Vulnerability in Oracle PeopleSoft: Unauthorized Access and Data Manipulation GitLab Workhorse Path Traversal Vulnerability: JWT Token Leakage Remote Code Execution 
Vulnerability in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 via Improper URL Handling Arbitrary Code Execution Vulnerability in GitLab CE/EE (All Versions from 13.2) Privilege Escalation Vulnerability in GitLab: Unauthorized Validation of Private Project Names Vulnerability: Insecure Storage of Session Keys in GitLab Remote Code Execution in GitLab VSCode Extension v3.15.0 and Earlier Stored Cross-Site Scripting Vulnerability in GitLab CE/EE via Crafted Branch Name Infinite Loop Vulnerability in GitLab CE/EE: Authenticated User Exploitation Authenticated User Privilege Escalation: Incident Metric Image Deletion Vulnerability in GitLab CE/EE (Versions 13.8 and above) Stored XSS Vulnerability in GitLab with Scoped Labels Vulnerability in Oracle PeopleSoft Enterprise SCM eProcurement: Unauthorized Data Access and Manipulation Vulnerability: Unauthorized Access to Internal Repository Data in GitLab CE/EE File Disclosure Vulnerability in GitLab CE/EE Versions 13.9 and above CSRF Vulnerability in GitLab CE/EE System Hooks API Arbitrary File Read Vulnerability in GitLab CE/EE Arbitrary Code Execution Vulnerability in ExifTool's DjVu File Format Parsing Remote Command Execution Vulnerability in GitLab CE/EE GitLab Vulnerability: Exposed Pull Mirror Credentials in Plain-Text Denial of Service Vulnerability in Wireshark MS-WSP Dissector Improper Permission Check in GitLab Allows Unauthorized Timestamp Modification for Issue Creation/Update Authorization Token Validation Vulnerability in GitLab CE/EE (Versions 13.8 and above) Oracle Secure Global Desktop 5.6 Vulnerability: Unauthenticated Takeover GitLab API Branch Query Parameter Ignored Vulnerability GitLab Dependency Proxy User Impersonation Vulnerability Vulnerability: NTPsec 1.2.0 Key Parsing Issue OAuth Access Token Leakage Vulnerability in GitLab CE/EE Versions 7.10 and Above Unauthenticated Server-Side Request Forgery Vulnerability in GitLab CE/EE (Versions 10.5 and above) with Enabled Internal Network Webhooks 
GitLab EE Information Disclosure: On-Call Rotation Leakage Uncontrolled Resource Consumption Vulnerability in GitLab CE/EE Uncontrolled Resource Consumption Vulnerability in GitLab CE/EE GitLab CE/EE Vulnerability: Spoofing of Author in Signed Commits via x509 Certificates Sensitive Information Exposure in GitLab Log Files Oracle Bill Presentment Architecture Template Search Vulnerability Stored XSS Vulnerability in GitLab Blob Viewer of Notebooks Insufficient Expired Password Validation in GitLab Allows Limited Access After Expiration Denial of Service Vulnerability in Wireshark 3.4.0 to 3.4.5: Infinite Loop in DVB-S2-BB Dissector Feature Flag Name Client-Side Code Injection Vulnerability in GitLab CE/EE 11.9 Cross-Site Request Forgery Vulnerability in GitLab GraphQL API Allows Unauthorized Mutation Calls Stored Cross-Site Scripting (XSS) Vulnerability in GitLab Markdown Parsing Vulnerability: Unauthorized Push to Protected Branches in GitLab CE/EE (Version 13.9) Reflected Cross-Site Scripting (XSS) Vulnerability in GitLab Versions 13.11.6, 13.12.6, and 14.0.2 Improper Access Control in GitLab Allows Unauthorized Access to Project Details via GraphQL Data Leakage Vulnerability in GitLab CE/EE Versions 12.8 and above Oracle Receivables Product Vulnerability: Unauthorized Access and Data Manipulation Code Injection Vulnerability in GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2 Profile Page Denial of Service Vulnerability in GitLab CE/EE 8.0 and above HTML Injection Vulnerability in GitLab CE Versions 13.11.6, 13.12.6, and 14.0.2 GitLab EE Information Disclosure Vulnerability: Unauthorized Project Details Access Arbitrary File Read Vulnerability in GitLab CE/EE DNP Dissector Crash Vulnerability in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 Improper Handling of OAuth Client IDs Leads to Incorrect Token Generation in GitLab CE/EE (Version 14.1) Impersonation Bypass Vulnerability in GitLab CE/EE Versions before 13.12.9, 14.0.7, 14.1.2 Stored XSS 
Vulnerability in GitLab's Issue Design Feature Metadata Injection Vulnerability in GitLab CE/EE 14.0 and Later Oracle Compensation Workbench Vulnerability: Unauthorized Access and Data Manipulation Improper Access Control Allows Unauthorized User Creation in GitLab EE Versions 13.11.6, 13.12.6, and 14.0.2 Stored Cross-Site Scripting Vulnerability in GitLab CE/EE Versions 14.0 and Above Stored Cross-Site Scripting Vulnerability in Mermaid Markdown in GitLab CE/EE Version 11.4 and Up User Impersonation Vulnerability in GitLab CE/EE Versions 7.10 and above Unauthorized Access to Vulnerability Data in GitLab EE GitLab CE/EE Vulnerability: Unauthorized Access to Project Pages GitLab Webhook Denial of Service Vulnerability Guests in Private Projects Can Access CI/CD Analytics in GitLab CE/EE (CVE-2021-22214) Unauthorized Access to Pipeline Information in GitLab CE/EE Versions 13.12 and above GitLab EE Vulnerability: Verbose Error Message Discloses Private Email Address of Invited User Vulnerability in Oracle E-Business Intelligence: Unauthorized Access and Data Manipulation Unauthorized Access and Deletion of Impersonation Tokens in GitLab CE/EE (All Versions since 13.3) Email Address Domain Bypass Vulnerability in GitLab EE GitLab CE/EE Vulnerability: Developer Access to Protected CI Variables Unauthorized Deployment Triggering in GitLab EE Versions 13.4 and Above User Impersonation Vulnerability in GitLab Shell (CVE-2021-22214) SSRF Exploit in Baserow <1.1.0: Unauthorized Retrieval of Internal Files via URL File Upload Guest users can create issues for Sentry errors in GitLab CE/EE versions since 12.6, leading to unauthorized access and tracking of issue status. 
User Enumeration Vulnerability in GitLab Privacy Breach: Exploiting GitLab's Project Import/Export Feature to Access Private Email Addresses GitLab EE 12.6 DOS Vulnerability: Lack of Pagination in Dependencies API Vulnerability in Oracle MySQL Server: Unauthorized Access to Critical Data Stored Cross-Site Scripting Vulnerability in DataDog Integration in GitLab CE/EE Stored Cross-Site Scripting Vulnerability in GitLab's Jira Integration Vulnerability: Unauthorized Namespace Manipulation in GitLab with Jira Cloud Integration Privilege Escalation Vulnerability in GitLab Persistent Access to Projects for Deleted Invited Group Members in GitLab Remote Replay Attack Vulnerability in Idelji Web ViewPoint Suite Vulnerability in Oracle Cash Management Allows Unauthorized Access and Data Manipulation ControlTouch Serial Number Exploit: Unauthorized Access and Control Vulnerability Buffer Overflow Vulnerability in B&R Automation Runtime Webserver: Remote Denial of Service Exploit Integrity Check Bypass Vulnerability in free@home System Access Point Denial of Service Vulnerability in ABB 800xA Control Software PCM600 Update Manager Certificate Validation Vulnerability Missing Authentication Vulnerability in RobotWare Enables Unauthorized File Access and Modification Oracle Incentive Compensation User Interface Unauthorized Data Access Vulnerability DLL Loading Vulnerability in B&R Automation Studio Versions >=4.0 and <4.12 Relative Path Traversal Vulnerability in B&R Industrial Automation Automation Studio Code Injection Vulnerability in B&R Industrial Automation Automation Studio Improper Initialization vulnerability in ABB Relion protection relays and Remote Monitoring and Control Arbitrary Code Execution Vulnerability in OPC Server for AC 800M Denial of Service Vulnerability in ABB SPIET800 and PNI800 Module Denial of Service Vulnerability in ABB SPIET800 and PNI800 Module Denial of Service Vulnerability in ABB SPIET800 and PNI800 Module Code Execution Vulnerability in B&R 
Automation Studio Project Upload Mechanism Vulnerability in Oracle Depot Repair: Unauthorized Data Access and Modification eCNS280 Denial of Service (DoS) Vulnerability Inconsistent Interpretation of HTTP Requests Vulnerability in Huawei Products HarmonyOS 2.0 Component API Permission Bypass Vulnerability HarmonyOS Local Permission Bypass Vulnerability Leading to Device Hang HarmonyOS 2.0 Component DoS Vulnerability: File System Mount Attack Logic Vulnerability in Huawei Gauss100 OLTP Product: Service Abnormality via SQL Statement Exploit Local Privilege Escalation Vulnerability in Huawei Products MySQL Server Denial of Service Vulnerability Information Leak Vulnerability in eCNS280_TD Versions V100R005C00 and V100R005C10 Buffer Overflow Vulnerability in Mate 30 10.0.0.203(C00E201R7P2) Out-of-Bound Read Vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1) Pointer Double Free Vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1): Lack of Multi-Thread Protection Use After Free Vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1) Buffer Overflow Vulnerability in Mate 30 10.1.0.126(C00E125R5P3) Out-of-Bound Read Vulnerability in Mate 30 10.0.0.182(C00E180R6P2) Weak Algorithm Vulnerability in Mate 30 10.0.0.203(C00E201R7P2) Allows Local Attackers to Compromise Module Integrity Business Logic Error in Huawei Smartphone Allows Unauthorized Screenshot Capture Insecure Algorithm Vulnerability in Huawei Products: Brute Forcing for Sensitive Message Extraction Oracle Installed Base API Unauthorized Data Access and Modification Vulnerability Information Leakage Vulnerability in Huawei Products Improper Permission Assignment Vulnerability in Huawei ManageOne Product Memory Leak Vulnerability in Huawei Products Data Confidentiality Impairment Vulnerability in Huawei Smartphone ManageOne Local Privilege Escalation Vulnerability Critical Vulnerability in Huawei Smartphone Allows Unauthorized Access and Data Compromise Information Disclosure Vulnerability in Huawei Smartphone: 
Impairing Data Confidentiality HarmonyOS 2.0 Component Null Pointer Dereference Vulnerability: Local Denial of Service Exploit Smartphone Vulnerability: Improper Verification Leading to Integer Overflows Vulnerability in Oracle MySQL Server: Group Replication Plugin Allows Partial Denial of Service Denial of Service Vulnerability in Huawei Products: Exploiting Message Handling Module Use-After-Free Vulnerability in Multiple Huawei Products Allows Memory Compromise Huawei Smartphone Vulnerability: Missing Authentication for Critical Function Impairs Data Confidentiality Critical Integer Overflow Vulnerability in Huawei Smartphone Allows Root Privilege Escalation Credentials Management Errors Vulnerability in Huawei Smartphone: Impairing Data Confidentiality Video Stream Interception Vulnerability in Huawei Smartphone HarmonyOS Privilege Dropping / Lowering Errors Vulnerability: Exploiting Kernel Space Read/Write Capability Arbitrary Memory Write Vulnerability in Huawei Smart Phone File Parsing Denial of Service Vulnerability in Huawei CloudEngine Products License Management Vulnerability in Huawei Products Oracle Enterprise Asset Management Setup Vulnerability Allows Unauthorized Data Access and Modification Out of Bounds Write Vulnerability in Huawei Smartphone HUAWEI P30 (9.1.0.131) JavaScript Injection Vulnerability in Huawei Smartphones Pointer Double Free Vulnerability in CloudEngine Switches Huawei Smartphone Improper Validation of Array Index Vulnerability Improper Access Control Vulnerability in Huawei Smartphone Allows App Redirections Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone Denial of Security Services Vulnerability in Huawei Smartphone Information Disclosure Vulnerability in Huawei Smartphone: User Click Data Leakage eCNS280 XXE Injection Vulnerability Denial of Service Vulnerability in ManageOne: Insufficient Parameter Verification Java VM Component Vulnerability in Oracle Database Server (Versions 
12.1.0.2, 12.2.0.1, 18c, and 19c) Multiple Threads Race Condition Vulnerability in Huawei Product Memory Leak Vulnerability in Huawei Products: Resource Management Weakness in Module Information Leak Vulnerability in Huawei Products: Exploitable Input Handling Issue Configuration Defect Vulnerability in Huawei Smartphone: Impact on Service Integrity and Availability Improper Access Control Vulnerability in Huawei Smartphone Leads to Temporary DoS Out-of-Bounds Memory Write Vulnerability in Huawei Smartphone Improper Permission Management Vulnerability in Huawei Smartphone: User Habits Disclosure Risk Improper Access Control Vulnerability in Huawei Smartphone Leads to Temporary DoS Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone Insufficient Input Verification Vulnerability in Huawei Smartphone Leads to System Restart Vulnerability in Oracle Transportation Execution of Oracle E-Business Suite: Unauthorized Data Access and Modification Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone Huawei Smartphone Credentials Management Errors Vulnerability Configuration Defect Vulnerability in Huawei Smartphone Allows Device Hijacking and Execution of Malicious Commands Huawei Smartphone Kernel Restart Vulnerability Out-of-Bounds Read Information Disclosure Vulnerability in Huawei Smartphone Weak Secure Algorithm Vulnerability in Huawei Products Denial of Service Vulnerability in Huawei Products: Inadequate Input Validation in Message Handling Module Insufficient Input Validation Vulnerability in FusionCompute 8.0.0 Allows Arbitrary File Upload Denial of Service Vulnerability in S5700 and S6700 Switches (V200R005C00SPC500) Vulnerability in Oracle Financials Common Modules of Oracle E-Business Suite: Unauthorized Data Access and Modification Resource Management Error Vulnerability in USG9500 (V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200) Improper Authorization Vulnerability in eCNS280 and eSE620X Out of 
Bounds Write Vulnerability in Huawei Products: Exploiting Insufficient Validation of Messages Resource Management Error Vulnerability in eCNS280_TD V100R005C10SPC650 Denial of Service Vulnerability in HUAWEI Mate 30 and Mate 30 (5G) eSE620X vESS Local Out of Bounds Read Vulnerability Out-of-Bounds Read Vulnerability in eSE620X vESS Authentication Bypass Vulnerability in Huawei Smartphone Key Management Permission Control Vulnerability in Huawei Smartphone: Implications on Device Functionality Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Huawei Smartphone Allows Root User Escalation Oracle General Ledger Account Hierarchy Manager Unauthorized Data Access Vulnerability Credentials Management Errors Vulnerability in Huawei Smartphone: A Threat to Service Confidentiality Critical Security Flaw: Improper Permission Management in Huawei Smartphone Jeopardizes Confidentiality Security Features Vulnerability in Huawei Smartphone: Threat to Service Confidentiality Design Process Defect Vulnerability in Huawei Smartphone: Impact on Service Integrity and Availability Array Index Validation Vulnerability in Huawei Smartphone: Stability Risks Key Management Errors Vulnerability in Huawei Smartphone: Threats to Confidentiality, Availability, and Integrity HarmonyOS Improper Privilege Management Vulnerability Command Injection Vulnerability in Huawei S-Series Switches (V200R019C00SPC500) Race Condition Vulnerability in eCNS280_TD V100R005C00 and V100R005C10 Huawei Smartphone Integer Underflow Vulnerability in Samgr Leading to Denial of Service (DoS) Critical Vulnerability in Oracle MES for Process Manufacturing: Unauthorized Access and Data Manipulation Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone Input Verification Vulnerability in Huawei Smartphone Leads to DoS Attack Improper Permission Assignment Vulnerability in Huawei LTE USB Dongle Products Out-of-Bounds Read Vulnerability in eCNS280_TD and eSE620X Huawei 
Smartphone Information Disclosure Vulnerability Enables Authentication Bypass Kernel Code Execution Vulnerability in Huawei Smartphone Component Double Free Vulnerability in Huawei Smartphone Allows Root Elevation of Privileges Remote Code Execution Vulnerability in Huawei Smartphone Integer Overflow Vulnerability in Huawei Smartphone Allows Code Execution Permission Control Vulnerability in Huawei Smartphone Allows Execution of Arbitrary Code Oracle Time and Labor Product Vulnerability: Unauthorized Access and Data Manipulation Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone Buffer Size Calculation Vulnerability in Huawei Smartphone Leads to System Reset Buffer Size Calculation Vulnerability in Huawei Smartphone Denial of Service Vulnerability in CloudEngine Series: Exploiting Module Design Weakness Buffer Overflow Vulnerability in Smartphones: Exploiting Multi-Screen Collaboration for DoS Attacks Smartphone Code Injection Vulnerability: Threat to Service Confidentiality Privilege Escalation Vulnerability in Huawei Products: Improper Privilege Management Huawei ManageOne 8.0.0 Privilege Escalation Vulnerability Digital Balance Bypass Vulnerability in Multiple Smartphone Models Bluetooth DoS Vulnerability in Huawei Smartphones Vulnerability in Oracle Outside In Technology Allows Unauthorized Access and Partial Denial of Service Insufficient Input Validation Vulnerability in Huawei Smartphones: System Crash via Malicious APP Installation Critical Remote DoS Vulnerability in Huawei Smartphone Threatens Service Integrity Critical DoS Vulnerability Discovered in Huawei Smartphones Huawei Smartphone Vulnerability: Hijacking Unverified Providers for Device Hijacking and Malicious Command Execution Directory Traversal Vulnerability in Huawei Smartphone: Impact on Service Confidentiality Configuration Defects in Huawei Smartphones: A Threat to Service Availability Uncaught Exception Vulnerability in Huawei Smartphone: App Crash Exploit 
Configuration Defects in Huawei Smartphone: A Threat to Service Confidentiality Denial of Service Vulnerability in ManageOne: Logic Error in Service Function Implementation Oracle iStore Shopping Cart Unauthorized Data Access Vulnerability XSS Injection Vulnerability in iMaster NCE-Fabric V100R019C10 Out-of-Bounds Write Vulnerability in Huawei Products Integer Overflow Vulnerability in Huawei Smartphone Allows for Random Kernel Address Access Integer Overflow Vulnerability in Huawei Smartphone: System Reset Exploitation Memory Buffer Errors Vulnerability in Huawei Smartphone: System Reset Exploitation Huawei Smartphone Buffer Size Calculation Vulnerability HarmonyOS Data Processing Errors Vulnerability: Exploiting Kernel Code Execution HarmonyOS Data Processing Errors Vulnerability: Exploiting Kernel Memory Leakage HarmonyOS Integer Overflow Vulnerability: Memory Overwriting Exploit HarmonyOS Component Vulnerability: Insufficient Data Authenticity Verification Leading to Persistent DoS Vulnerability in Oracle Outside In Technology Allows Unauthorized Data Access and Modification HarmonyOS Component Vulnerability: External Control of System or Configuration Setting HarmonyOS Component Privilege Escalation Vulnerability HarmonyOS Integer Overflow Vulnerability: Memory Overwriting Exploit HarmonyOS Component Out-of-bounds Write Vulnerability HarmonyOS Kernel Memory Leakage Vulnerability: Exploiting the Path to Kernel Denial of Service Double Free Vulnerability in HarmonyOS Component Allows Root Privilege Escalation Out of Bounds Memory Access Vulnerability in Smartphones Critical Heap-based Buffer Overflow Vulnerability in Huawei Smartphone Allows Authentication Bypass Incomplete Cleanup Vulnerability in Huawei Smartphone: Authentication Bypass Exploit Out of Bounds Memory Access Vulnerability in Smartphones Smartphone Logic Bypass Vulnerability Enables Code Injection Permission Isolation Vulnerability in Smartphones: Exploiting Out-of-Bounds Access Permission 
Isolation Vulnerability in Smartphones: Exploiting Out-of-Bounds Access Out of Bounds Memory Access Vulnerability in Smartphones Out of Bounds Memory Address Vulnerability in Smartphones: Exploitation and Code Execution Risk Configuration Defect Vulnerability in Huawei Smartphone: Impact on Service Integrity and Availability Logic Bypass Vulnerability in Huawei Smartphone: Threat to Service Integrity and Availability Smartphone Vulnerability: Integer Overflow and TOCTOU Exploit Leading to Random Address Access Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone Allows Code Execution Deserialization Vulnerability in Huawei AnyOffice V200R006C10 Allows Remote Code Execution Vulnerability in Hyperion Analytic Provider Services and Essbase Analytic Provider Services: Remote Takeover Path Traversal Vulnerability in Huawei Products Integer Overflow Vulnerability in Huawei Products: Potential Kernel Crash Exploit Huawei Smartphone Vulnerability: Improper Validation of Integrity Check Value Leads to System Reset Input Verification Vulnerability in Huawei Smartphone Allows Random Address Access Code Injection Vulnerability in Huawei Smartphone: Input Verification Flaw Input Verification Vulnerability in Huawei Smartphone: System Reset Exploitation Information Disclosure Vulnerability in Huawei Smartphone Leading to System Reset System Reset Vulnerability in Huawei Smartphone Unauthorized File Access Vulnerability in Smartphones Unauthenticated User Friend Addition Vulnerability in Elf-G10HN 1.0.0.608 Oracle Database - Enterprise Edition Unified Audit Privilege Escalation Vulnerability HarmonyOS Component Incomplete Cleanup Vulnerability: Memory Exhaustion Exploit HarmonyOS Integer Overflow Vulnerability: Memory Overwriting Exploit HarmonyOS Local Attackers Vulnerability: Improper Input Validation Allows Unauthorized Address Reading HarmonyOS Component Vulnerability: Improper Input Validation Leading to Process Crash HarmonyOS Component 
Vulnerability: External Control of System or Configuration Setting Leading to Core Dump HarmonyOS Integer Overflow or Wraparound Vulnerability: Memory Leakage Exploit HarmonyOS Data Processing Errors Vulnerability: Exploiting Kernel System Unavailability HarmonyOS Component Improper Input Validation Vulnerability: Out-of-Bounds Write HarmonyOS Local Arbitrary Code Execution Vulnerability HarmonyOS Component NULL Pointer Dereference Vulnerability Oracle Universal Work Queue: Unauthorized Data Access and Modification Vulnerability HarmonyOS Component Vulnerability: Insufficient Data Authenticity Verification HarmonyOS Component Vulnerability: Resource Allocation Without Limits or Throttling HarmonyOS Component NULL Pointer Dereference Vulnerability: Kernel Crash Exploit HarmonyOS Component Use After Free Vulnerability: Kernel Information Disclosure HarmonyOS Component Out-of-bounds Read Vulnerability Leading to System Soft Restart Heap-based Buffer Overflow Vulnerability in HarmonyOS Component Leads to Kernel System Unavailability HarmonyOS Component Use After Free Vulnerability: Local Kernel Crash Exploit HarmonyOS Local Attackers Vulnerability: Improper Input Validation Allows Unauthorized Address Reading HarmonyOS Kernel Address Leakage Vulnerability HarmonyOS Kernel Out-of-bounds Read Vulnerability Oracle Advanced Collections Vulnerability: Unauthorized Data Access and Modification HarmonyOS Privileges Controls Vulnerability: Expanding Recording Trusted Domain HarmonyOS Component NULL Pointer Dereference Vulnerability: Local Process Crash Exploit Huawei Smartphone Improper Verification Vulnerability: Threat to Service Confidentiality Authentication Vulnerability in Huawei Smartphone: Threat to Service Confidentiality Out-of-bounds Memory Access Vulnerability in Huawei Smartphone Improper Permission Management Vulnerability in Huawei Smartphone: Impact on Service Confidentiality HarmonyOS Module Interface UAF Vulnerability: Risk of Information Leakage 
Invalid Address Access Vulnerability in HarmonyOS Module Interface Oracle Secure Global Desktop 5.6 Vulnerability: Unauthenticated Network Access Compromises System HarmonyOS Module Integer Overflow Vulnerability Leading to Heap Memory Overflow Verification Errors Vulnerability in Huawei Smartphone: Implications for Service Confidentiality Uninitialized Variable Vulnerability in Huawei Smartphone Allows Transmission of Invalid Data IP Address Spoofing Vulnerability in Huawei Smartphones: Potential DoS Risk SSID Vulnerability in Huawei Devices: Threat to Service Confidentiality Unstandardized Field Names Vulnerability in Huawei Smartphones: A Threat to Service Confidentiality Out-of-bounds Read Vulnerability in Huawei Smartphone: Impact on Service Availability Unauthorized File Access Vulnerability in Huawei Smartphone Allows Tampering of Restored Backup Files Smartphone DoS Vulnerability: Threatening Service Availability Vulnerability in Oracle Landed Cost Management: Unauthorized Data Access and Modification Permission Verification Vulnerability in Huawei Smartphone: Impact on Device Performance Input Verification Vulnerability in Huawei Smartphone: Impact on Service Availability Samsung Mobile Devices Bluetooth UART Driver Buffer Overflow Vulnerability Fingerprint Inversion Vulnerability on Samsung Note20 Devices with Q(10.0) Software Exynos Mali GPU Driver Out-of-Bounds Access and Device Reset Vulnerability Critical Authentication Bypass Vulnerability in Micro Focus Access Manager: Risk of Information Leakage Improper Session Management in Advanced Authentication Versions Prior to 6.3 SP4 XML External Entity Injection Vulnerability in Micro Focus Application Lifecycle Management Persistent XSS Vulnerability in Micro Focus Application Performance Management (Versions 9.40-9.51) Oracle VM VirtualBox Prior to 6.1.20 Vulnerability: High Privileged Takeover Cross Site Request Forgery Vulnerability in Micro Focus Application Performance Management (Versions 9.40-9.51) 
Critical Remote Code Execution Vulnerability in Micro Focus Operation Bridge Reporter (OBR) 10.40 Arbitrary Code Execution Vulnerability in Micro Focus Operations Bridge Manager Privilege Escalation Vulnerability in Micro Focus Operations Agent Critical Information Leakage Vulnerability in Micro Focus Access Manager (Versions < 5.0) Micro Focus Operations Bridge Manager Authentication Bypass Vulnerability SQL Injection Vulnerability in OpenText Operations Bridge Reporter Vulnerability in Oracle CRM Technical Foundation: Unauthorized Data Access and Modification Critical Reflected XSS Vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins Plugin SSL/TLS Certificate Disabling Vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins Plugin CSRF Vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins Plugin Unrestricted Access Vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins Plugin Arbitrary Code Execution Vulnerability in Micro Focus Application Performance Management Bypassing Multi-Factor Authentication in NetIQ Advanced Authentication Sensitive Information Exposure via Log Files in Micro Focus Secure API Manager (SAPIM) 2.0.0 Unauthorized Privilege Escalation Vulnerability in Micro Focus Data Protector Arbitrary Code Execution Vulnerability in Micro Focus SiteScope Oracle Loans Product Vulnerability: Unauthorized Data Access and Modification Privileged Escalation Vulnerability in Micro Focus ZENworks Configuration Management Critical Reflected Cross-Site Scripting Vulnerability in Micro Focus Verastream Host Integrator 7.8 Update 1 and Earlier Versions XML External Entity (XXE) Vulnerability in Micro Focus Verastream Host Integrator Critical Injection Attack Vulnerability in NetIQ Access Manager Prior to 5.0.1 and 4.5.4 NetIQ Access Manager Information Leakage Vulnerability Open Redirect Vulnerability in NetIQ Access Manager Versions Prior to 5.0.1 and 4.5.4 NetIQ Access Manager 
Information Leakage Vulnerability NetIQ Access Manager Reflected XSS Vulnerability Oracle Advanced Supply Chain Planning Unauthenticated Access Vulnerability Cross-Site Scripting Vulnerability in NetIQ Access Manager 4.5 and 5.0 Critical Unauthorized Information Disclosure Vulnerability in Micro Focus Directory and Resource Administrator (DRA) Privilege Escalation Vulnerability in Google Exposure Notification Verification Server Arbitrary Code Execution through Crafted JSON Config File in VScode-bazel Vulnerability in Oracle Project Contracts of Oracle E-Business Suite: Unauthorized Data Access and Modification XSS Vulnerability via DOM Clobbering in Dart SDK (Versions prior to 2.12.3) KVM Vulnerability: Local Privilege Escalation through Improper Handling of VM_IO|VM_PFNMAP Vmas Vulnerability in BinDiff 7 allows for arbitrary code execution Heap Buffer Overflow in IoT Devices SDK's calloc() Implementation Memory Pointer Manipulation Vulnerability Address Modification Vulnerability Oracle Service Contracts Vulnerability: Unauthorized Data Access and Modification Enclave Memory Pointer Modification Vulnerability Untrusted Memory Read Vulnerability in Asylo Versions up to 0.6.1 Heap Memory Exhaustion Vulnerability in Gerrit Servers Linux Kernel Heap Out-of-Bounds Write Vulnerability in net/netfilter/x_tables.c Integer Overflow Vulnerability in Kernel Memory Cache Invalidation Operations Code Execution Vulnerability in SLO Generator via Crafted YAML Files Vulnerability in Oracle Storage Cloud Software Appliance Allows Unauthorized Takeover Out of Bounds Access Vulnerability in libjxl when Rendering Splines JPEG XL Out of Bounds Copy Vulnerability Vulnerability: Premature Expiration of Verification Codes in Exposure Notification Server Privilege Escalation via Incorrect UXN and PXN Bit Settings Bidirectional Unicode Text Vulnerability: Exploiting Code Review with Invisible Source Code OAuth2 Access Token Impersonation Vulnerability in Dart Pub Publish Command 
Out-of-Order Processing Vulnerability in Protobuf-Java Vulnerability in Oracle Storage Cloud Software Appliance Management Console (CVE-2021-12345) Nullptr Dereference Vulnerability in Proto Symbol Parsing File Disclosure Vulnerability in SA360 Reports Staging Process World-readable files created in system temporary directory on unix-like systems Insecure IDToken Verification Allows for Unauthorized Payload Manipulation Oracle Projects User Interface Unauthorized Data Access Vulnerability Oracle Payables Vulnerability: Unauthorized Access and Data Manipulation Vulnerability in Oracle Human Resources product of Oracle E-Business Suite (iRecruitment component) allows unauthorized access and data manipulation Double Free Vulnerability in packet_set_ring() in net/packet/af_packet.c Oracle Lease and Finance Management Product Vulnerability: Unauthorized Data Access and Modification Oracle Purchasing Product Vulnerability: Unauthorized Data Access and Modification Oracle Sourcing Product Vulnerability: Unauthorized Data Access and Modification Integer Overflow Vulnerability in Texas Instruments TI-RTOS HeapMem_allocUnprotected Function Stack-based Buffer Overflow Vulnerabilities in Tellus Lite V-Simulator and V-Server Lite (Versions prior to 4.0.10.0) Fatek FvDesigner Version 1.5.76 and Prior Out-of-Bounds Read Vulnerability Uninitialized Pointer Vulnerability in Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0) Vulnerability in Oracle VM VirtualBox Prior to 6.1.20: Unauthorized Access and Data Manipulation Vulnerability: Password Decryption through Communication Capture and Brute Force Attacks in Ovarro TBox Heap-Based Buffer Overflow Vulnerability in Tellus Lite V-Simulator and V-Server Lite (Versions prior to 4.0.10.0) Invalid Modbus Frames Exploit: Crashing Ovarro TBox System Out-of-Bounds Read Vulnerability in Luxion KeyShot Versions Prior to 10.1 Hardcoded User and Key Vulnerability in Ovarro TBox TWinSoft Remote Code Execution Vulnerability in 
Luxion KeyShot Versions Prior to 10.1 TWinSoft Configuration Upload Vulnerability in Ovarro TBox Multiple Out-of-Bounds Write Vulnerabilities in Luxion KeyShot Versions Prior to 10.1 Critical Vulnerability: Ovarro TBox Modbus File Access Allows Unauthorized Configuration File Manipulation Multiple NULL Pointer Dereference Vulnerabilities in Luxion KeyShot Versions Prior to 10.1 TWinSoft Code Execution Vulnerability Directory Traversal Vulnerability in Luxion KeyShot Versions Prior to 10.1 Unauthenticated Configuration Change and Code Execution in Advantech iView Versions Prior to v5.7.03.6112 Out-of-Bounds Write Vulnerabilities in Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0) SQL Injection Vulnerability in Advantech iView Versions Prior to v5.7.03.6112 Out-of-Bounds Read Vulnerabilities in Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0) Directory Traversal Vulnerability in Advantech iView Versions Prior to v5.7.03.6112 Arbitrary Command Injection Vulnerability in mySCADA myPRO Versions 8.20.0 and Prior SQL Injection Vulnerability in Advantech iView Versions Prior to v5.7.03.6112 Remote Unauthenticated Buffer Overflow Vulnerability in Rockwell Automation MicroLogix 1400 Version 21.6 and Below Oracle VM VirtualBox Prior to 6.1.20 High Privilege Unauthorized Access Vulnerability Out-of-Bounds Read Vulnerability in CNCSoft-B Versions 1.0.0.3 and Prior Unauthenticated Password Change Vulnerability in ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior) Use After Free Vulnerability in Fatek FvDesigner Version 1.5.76 and Prior Out-of-Bounds Read Vulnerability in Cscape (All versions prior to 9.90 SP3.5) CNCSoft-B Versions 1.0.0.3 and Prior Out-of-Bounds Write Vulnerability Privilege Escalation and System Takeover Vulnerability in Rockwell Automation DriveTools SP and Drives AOP Stack-Based Buffer Overflow in Fatek FvDesigner Version 1.5.76 and Prior Hard-coded Credentials Vulnerability in BB-ESWGP506-2SFP-T Versions 
1.01.09 and Prior Out-of-Bounds Read Vulnerability in Delta Industrial Automation CNCSoft ScreenEditor Default Permissions on WebAccess/SCADA Portal Allow Unauthorized Password Update and Privilege Escalation Vulnerability in Oracle Labor Distribution User Interface: Unauthorized Data Access and Modification Uninitialized Pointer Vulnerability in Fatek FvDesigner Version 1.5.76 and Prior Remote Code Execution via Integer Overflow in SimpleLink Wi-Fi SDK Remote Code Execution Vulnerability in Delta Electronics' CNCSoft ScreenEditor Stack-based Buffer Overflow in SimpleLink Wi-Fi Firmware Update Process Relative Path Traversal Vulnerability in WebAccess/SCADA Remote Code Execution Vulnerability in SimpleLink Wi-Fi Firmware Update Cross-Site Scripting (XSS) Vulnerability in UserExcelOut.asp in WebAccess/SCADA Integer Overflow in Host MCU APIs for WIFI Network Connection Memory Corruption Vulnerability in Cscape (All versions prior to 9.90 SP4) Remote Code Execution Vulnerability in SimpleLink Wi-Fi SDKs Oracle Quoting Product Vulnerability in Oracle E-Business Suite (Courseware Component) Integer Overflow Vulnerability in NXP MQX Versions 5.1 and Prior: Arbitrary Memory Allocation and Remote Code Execution Authentication Bypass Vulnerability in Rockwell Automation Studio 5000 Logix Designer and RSLogix 5000 Local Privilege Escalation in Cscape (All versions prior to 9.90 SP4) Fatek FvDesigner Version 1.5.76 and Prior Out-of-Bounds Write Vulnerability Integer Wrap-Around Vulnerability in Tizen RT RTOS 3.0.GBB's functions_calloc and mm_zalloc Relative Path File Disclosure Vulnerability in Cassia Networks Access Controller Vulnerability in Oracle Advanced Pricing Price Book Component (CVE-2021-12345) Vulnerability: Unvalidated request_uri Parameter in Apache CXF Remote Code Execution Vulnerability in EcoStruxure Power Build - Rapsody Software Stack-Based Buffer Overflow in EcoStruxure Power Build - Rapsody Software Allows Remote Code Execution via Unrestricted File 
Upload Denial of Service Vulnerability in Modicon M241/M251 Logic Controllers Firmware Oracle Site Hub Vulnerability: Unauthorized Data Access and Modification Cross-Site Request Forgery Vulnerability in PowerLogic Devices CWE-319: Cleartext Transmission of Sensitive Information in PowerLogic Devices CWE-319: Cleartext Transmission of Sensitive Information in PowerLogic Devices Path Traversal Vulnerability in Harmony/HMI Products Configured by Vijeo Designer, Vijeo Designer Basic, or EcoStruxure Machine Expert Buffer Overflow Vulnerability in Vijeo Designer or EcoStruxure Machine Expert Driver Cross-site Scripting (XSS) Vulnerability in EVlink Charging Stations Vulnerability Title: Hard-coded Credentials in EVlink Charging Stations Vulnerability Title: Signature Verification Bypass in EVlink City, EVlink Parking, and EVlink Smart Wallbox Buffer Overflow Vulnerability in IGSS Definition (Def.exe) V15.0.0.21041 and Earlier Oracle Work in Process Product Vulnerability: Unauthorized Access and Data Manipulation Remote Code Execution Vulnerability in IGSS Definition (Def.exe) V15.0.0.21041 and Prior Arbitrary Read/Write Vulnerability in IGSS Definition (Def.exe) V15.0.0.21041 and Prior Arbitrary Read/Write Vulnerability in IGSS Definition (Def.exe) V15.0.0.21041 and Prior Buffer Overflow Vulnerability in PowerLogic Meters Buffer Overflow Vulnerability in PowerLogic ION7400, PM8000, and ION9000 (Versions prior to V3.0.0) CWE-732: Remote Code Execution via Incorrect Permission Assignment in C-Bus Toolkit (V1.15.9 and prior) Remote Code Execution Vulnerability in C-Bus Toolkit (V1.15.7 and prior) Remote Code Execution Vulnerability in C-Bus Toolkit (V1.15.7 and prior) Remote Code Execution Vulnerability in C-Bus Toolkit (V1.15.7 and prior) Oracle Subledger Accounting Inquiries Vulnerability Remote Code Execution Vulnerability in C-Bus Toolkit (V1.15.7 and prior) CWE-200: Information Exposure in EVlink Charging Stations Stored Cross-site Scripting Vulnerability in EVlink 
City, EVlink Parking, and EVlink Smart Wallbox CWE-79: Cross-Site Scripting and Cross-Site Request Forgery Vulnerability in EVlink Charging Stations Title: CVE-352 Cross-Site Request Forgery (CSRF) Vulnerability in EVlink Charging Stations Title: CVE-352 Cross-Site Request Forgery (CSRF) Vulnerability in EVlink Charging Stations Unauthenticated Server-Side Request Forgery (SSRF) Vulnerability in EVlink Charging Stations Insufficient Entropy Vulnerability in EVlink Charging Stations Information Exposure Vulnerability in EVlink City, EVlink Parking, and EVlink Smart Wallbox Unauthorized Administrative Privileges Vulnerability in EVlink Charging Stations Oracle Legal Entity Configurator: Unauthorized Data Access and Modification Vulnerability Hard-coded Credentials Vulnerability in EVlink Charging Stations Insecure Password Recovery Mechanism Allows Unauthorized Password Change on Modicon Managed Switch Code Execution Vulnerability in homeLYnk and spaceLYnk V2.60 and earlier Shell Access Vulnerability in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior Remote Code Execution Vulnerability in homeLYnk and spaceLYnk V2.60 and Prior Remote Code Execution Vulnerability in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and Prior Path Traversal Vulnerability in homeLYnk and spaceLYnk V2.60 and Prior Insufficiently Protected Credentials Vulnerability in homeLYnk and spaceLYnk V2.60 and Prior Broken Cryptographic Algorithm Vulnerability in homeLYnk and spaceLYnk V2.60 and Prior Information Exposure Vulnerability in homeLYnk and spaceLYnk V2.60 and earlier versions during initial configuration Oracle E-Business Tax User Interface Vulnerability Unauthorized File Upload Vulnerability in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and Prior Insufficient Computational Effort in Password Hashing Vulnerability Vulnerability: Module Reset in Triconex Model 3009 MP with Malformed TriStation Packets Module Reset Vulnerability in Triconex TCM 4351B Improper Check for Unusual or 
Exceptional Conditions in Triconex Model 3009 MP Improper Check for Unusual or Exceptional Conditions Vulnerability in Triconex Model 3009 MP Improper Check for Unusual or Exceptional Conditions Vulnerability in Triconex Model 3009 MP Improper Check for Unusual or Exceptional Conditions Vulnerability in Triconex Model 3009 MP Remote Code Execution Vulnerability in C-Bus Toolkit and C-Gate Server Information Disclosure Vulnerability in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and Prior Oracle Applications Manager: Unauthorized Access and Data Manipulation Vulnerability IGSS Definition (Def.exe) V15.0.0.21041 and Prior Out-of-Bounds Write Vulnerability IGSS Definition (Def.exe) V15.0.0.21140 and Prior Out-of-Bounds Write Vulnerability IGSS Definition (Def.exe) V15.0.0.21140 and Prior Out-of-Bounds Write Vulnerability IGSS Definition (Def.exe) V15.0.0.21140 and Prior Out-of-Bounds Read Vulnerability IGSS Definition (Def.exe) V15.0.0.21140 and Prior Out-of-Bounds Write Vulnerability IGSS Definition (Def.exe) V15.0.0.21140 and Prior Out-of-Bounds Write Vulnerability IGSS Definition (Def.exe) V15.0.0.21140 and Prior Out-of-Bounds Read Vulnerability IGSS Definition (Def.exe) V15.0.0.21140 and Prior Out-of-Bounds Read Vulnerability Uninitialized Pointer Vulnerability in IGSS Definition (Def.exe) V15.0.0.21140 and Prior Use After Free Vulnerability in IGSS Definition (Def.exe) V15.0.0.21140 and Prior Oracle iSetup Product Vulnerability: Unauthorized Data Access and Modification IGSS Definition (Def.exe) V15.0.0.21140 and Prior - CWE-763: Release of Invalid Pointer or Reference Vulnerability Buffer Overflow Vulnerability in IGSS Definition (Def.exe) V15.0.0.21140 and Prior Remote Code Execution Vulnerability in IGSS Definition (Def.exe) V15.0.0.21140 and Prior CWE-640: Weak Password Recovery Mechanism for Forgotten Password in PowerLogic PM55xx, PM8ECC, EGX100, and EGX300 Vulnerability: CWE-287 - Improper Authentication in PowerLogic Devices Title: CWE-20: Improper Input 
Validation in PowerLogic EGX100 and EGX300 Allows for Denial of Service and Remote Code Execution Denial of Service Vulnerability in PowerLogic EGX100 and EGX300 PowerLogic EGX100 and EGX300 Improper Input Validation Vulnerability PowerLogic EGX100 and EGX300 Improper Input Validation Vulnerability Unrestricted Access to Files and Directories in Easergy T300 Firmware V2.7.1 and Older Oracle Coherence Unauthenticated Remote Code Execution Vulnerability Easergy T300 Firmware V2.7.1 and Older: Information Exposure Vulnerability Arbitrary Command Execution Vulnerability in Easergy T300 Firmware V2.7.1 and Older Authentication Bypass Vulnerability in Easergy T200 SCADA Systems Unverified Password Change Vulnerability in EVlink Charging Stations Vulnerability: Weak Password Hashing in EVlink Charging Stations Uncontrolled Search Path Element Vulnerability in GP-Pro EX, V4.09.250 and Prior CWE-502: Code Execution via Malicious Project File Deserialization Vulnerability Credential Exposure in EcoStruxure Control Expert, EcoStruxure Process Expert, and SCADAPack RemoteConnect Modbus Authentication Bypass Vulnerability in Schneider Electric Industrial Control Systems MySQL Server Denial of Service Vulnerability Insufficiently Protected Credentials Vulnerability in EcoStruxure Control Expert, EcoStruxure Process Expert, and SCADAPack RemoteConnect SMTP Credential Leakage Vulnerability in EcoStruxure Control Expert, EcoStruxure Process Expert, and SCADAPack RemoteConnect Information Disclosure Vulnerability in EcoStruxure Control Expert, EcoStruxure Process Expert, and SCADAPack RemoteConnect Session Hijacking Vulnerability in Ritto Wiser Door Panel Communication C-Bus Toolkit v1.15.8 and Prior: Missing Authentication for Critical Function Vulnerability CWE-200: Information Exposure in Modicon M340 and Premium/Quantum CPUs and Communication Modules Modbus TCP Information Exposure Vulnerability Denial of Service Vulnerability in Modicon M340 and Premium/Quantum Processors and 
Communication Modules CWE-787: Out-of-bounds Write Vulnerability in Modicon M340 and Quantum Processors Buffer Overflow Vulnerability in Modicon PLC Controllers/Simulators Critical Remote Code Execution Vulnerability in Oracle VM VirtualBox (CVE-2021-1234) Denial of Service Vulnerability in Modicon PLC Controllers and Simulators Denial of Service Vulnerability in Modicon PLC Controllers and Simulators Modicon PLC Controller/Simulator Denial of Service Vulnerability via Crafted Project File FTP Protocol Vulnerability in AccuSine PCS+ / PFV+ and AccuSine PCSn Remote Code Execution Vulnerability in StruxureWare Data Center Expert (V7.8.1 and prior) Remote Code Execution Vulnerability in StruxureWare Data Center Expert (V7.8.1 and prior) Remote Code Execution Vulnerability in C-Bus Toolkit and C-Gate Server Path Traversal Vulnerability in EcoStruxure Control Expert, EcoStruxure Process Expert, and SCADAPack RemoteConnect Title: CWE-522: Insufficiently Protected Credentials in Conext ComBox (All Versions) Expose Sensitive Data Unintended Network Connection Vulnerability in Schneider Electric Software Update (V2.3.0 - V2.5.1) Oracle VM VirtualBox Prior to 6.1.20 Unauthenticated Remote Code Execution Vulnerability Denial of Service Vulnerability in Modicon M218 Logic Controller (V5.1.0.6 and prior) Arbitrary Command Execution Vulnerability in ConneXium Network Manager Software Remote Code Execution Vulnerability in Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) Unrestricted File Upload Vulnerability in Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) Arbitrary File Disclosure Vulnerability in IGSS Data Collector (dc.exe) (V15.0.0.21243 and prior) Missing Authentication for Critical Function in Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) Title: Data Exfiltration and Unauthorized Access Vulnerability in spaceLYnk, Wiser for KNX, and fellerLYnk (Versions 2.6.1 
and Prior) Arbitrary Code Execution Vulnerability in Eurotherm GUIcon Tool Arbitrary Code Execution Vulnerability in Eurotherm GUIcon Tool Unintended Data Disclosure Vulnerability in Eurotherm GUIcon Tool Oracle VM VirtualBox Prior to 6.1.20 Unauthenticated Remote Code Execution Vulnerability Title: Cross-Site Scripting Vulnerability in Network Management Card (NMC) Allows Arbitrary Script Execution CWE-79: Cross-Site Scripting Vulnerability in APC Power Products Title: Cross-Site Scripting Vulnerability in APC Network Management Cards (NMC) Title: Cross-Site Scripting Vulnerability in Network Management Card (NMC) Software Cross-Site Scripting (XSS) Vulnerability in APC Network Management Cards Title: CWE-200: Information Exposure Vulnerability in APC Power Distribution Products and Network Management Cards Denial of Service Vulnerability in SCADAPack RTUs with Modbus Server Configuration Default Permissions Vulnerability in Harmony/Magelis iPC Series and Vijeo Designer Title: Unauthorized Access Vulnerability in EVlink Charging Stations (CWE-307) CWE-1021: UI Layer or Frame Manipulation Vulnerability in EVlink City, EVlink Parking, and EVlink Smart Wallbox Oracle VM VirtualBox Prior to 6.1.20 Unauthenticated Remote Code Execution Vulnerability Persistent Unauthorized Access Vulnerability in EVlink Charger Station Web Server Unpatched Server-Side Request Forgery (SSRF) Vulnerability in EVlink Charging Stations Cross-Site Scripting Vulnerability in EVlink Charging Stations Missing Authentication for Critical Function in Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior) Buffer Overflow Vulnerability in Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior) Privileged Account Clickjacking Vulnerability Arbitrary Code Execution Vulnerability in EcoStruxure Power Monitoring Expert 9.0 and Prior Versions Arbitrary Code Execution Vulnerability in EcoStruxure Power Monitoring Expert 9.0 and Prior Versions 
Oracle VM VirtualBox Prior to 6.1.20 Unauthenticated Remote Code Execution Vulnerability Oracle VM VirtualBox Prior to 6.1.20 Core Vulnerability: Unauthorized Data Access and Modification SQL Injection Vulnerability in Hyweb HyCMS-J1's API SQL Injection Vulnerability in HGiga MailSherlock Stored XSS Vulnerability in Hyweb HyCMS-J1 Backend Editing Function Oracle VM VirtualBox Prior to 6.1.20 Unauthenticated Remote Code Execution Vulnerability Ineffective Access Control in HGiga EIP Product: Database Access and Privileged Function Vulnerability SQL Injection Vulnerability in HGiga EIP Document Management Page SQL Injection Vulnerability in HGiga EIP Product: Exposing Database Schema and Data through Online Registration Access Control Failure in Soar Cloud System's HR Portal: Exploiting User ID Retrieval Vulnerability SQL Injection Vulnerability in Soar Cloud System's HR Portal Deserialization Vulnerability in HR Portal of Soar Cloud System SQL Injection Vulnerabilities in CGE Property Management System Directory Traversal Vulnerability in CGE Page Allows Arbitrary File Downloads Privilege Escalation Vulnerability in CGE Account Management Function SQL Injection Vulnerability in EIC e-document System's Data Querying Function Oracle VM VirtualBox Prior to 6.1.20 Unauthenticated Remote Code Execution Vulnerability Incomplete Identity Verification in EIC e-Document System Allows Unauthorized Access and Privilege Escalation GitHub Enterprise Server Improper Access Control Vulnerability GitHub Enterprise Server Improper Access Control Vulnerability in Actions Secrets Disclosure Improper Access Control Vulnerability in GitHub Enterprise Server GraphQL API GitHub Enterprise Server Remote Code Execution via GitHub Pages Configuration Override GitHub Enterprise Server Access Control Vulnerability GitHub Enterprise Server UI Misrepresentation Vulnerability GitHub Enterprise Server Path Traversal Vulnerability in GitHub Pages Configuration GitHub Enterprise Server Path 
Traversal Vulnerability in GitHub Pages Configuration Improper Access Control Vulnerability in GitHub Enterprise Server Oracle VM VirtualBox Prior to 6.1.20 Unauthenticated Remote Code Execution Vulnerability GitHub Pages Path Traversal Vulnerability in GitHub Enterprise Server Persistent Cross-Site Scripting (XSS) Vulnerability in Revive Adserver before 5.1.0 Reflected Cross-Site Scripting (XSS) Vulnerability in Revive Adserver before 5.1.0 via afr.php Delivery Script Open Redirect Vulnerability in Revive Adserver before 5.1.0 Reflected XSS Vulnerability in Revive Adserver before 5.1.1 via `period_preset` Parameter Reflected XSS vulnerability in Revive Adserver before 5.1.1 via `setPerPage` parameter in stats.php Credential Leakage via HTTP Referer Header in curl 7.1.1 to 7.75.0 Inadvertent Credential Leakage in Nextcloud External Storage Configuration Reflected Cross-Site Scripting (XSS) Vulnerability in Nextcloud Server prior to 20.0.6 Remote Command Execution in Nextcloud Desktop Client (CVE-2021-22879) Oracle Bills of Material Product Vulnerability: Unauthorized Data Access and Modification Regular Expression Denial of Service (REDoS) Vulnerability in PostgreSQL Adapter of Active Record Open Redirect Vulnerability in Action Pack's Host Authorization Middleware UniFi Protect v1.17.1 and Earlier: Denial-of-Service Vulnerability via Spoofed Cameras Denial of Service Vulnerability in Node.js with 'unknownProtocol' Connection Attempts Vulnerability: DNS Rebinding Attack Bypass in Node.js Unintended Method Execution and Information Disclosure Vulnerability in Action Pack >= 2.0.0 Persistent Cross-Site Scripting (XSS) Vulnerability in Rocket.Chat Desktop App BIOS Firmware Compromise Vulnerability in Pulse Secure PSA-Series Hardware Reflected XSS Vulnerability in Revive Adserver v5.2.0 and Earlier Reflected XSS Vulnerability in Revive Adserver v5.2.0 and Earlier Oracle Product Hub Template GTIN Search Vulnerability Vulnerability: MITM Attack via Bad Handling of TLS 
1.3 Session Tickets in curl 7.63.0 to 7.75.0 Missing Authorization Vulnerability in Citrix ShareFile Storage Zones Controller Information Disclosure Vulnerability in Rocket.Chat Server Title: Critical Authentication Bypass Vulnerability in Pulse Connect Secure Allows Remote Code Execution Buffer Overflow Vulnerability in Pulse Connect Secure Allows Remote Code Execution Improper Certificate Validation in Nextcloud Desktop Client Improper Access Control in Nextcloud Mail 1.9.5: Unauthorized Creation of Mail Aliases Vulnerability: Exposure of Data Element to Wrong Session in libcurl Information Disclosure Vulnerability in cURL 7.7 through 7.76.1 via `-t` Command Line Option Command Injection Vulnerability in Pulse Connect Secure Allows Remote Code Execution via Windows Resource Profiles Feature Oracle E-Business Suite Change Management Vulnerability Unrestricted Upload Vulnerability in Pulse Connect Secure Use-After-Free Vulnerability in curl 7.75.0 through 7.76.1: Remote Code Execution Possible Denial of Service Vulnerability in Action Dispatch Mime Type Parser Possible Open Redirect Vulnerability in ActionPack Ruby Gem Possible Denial of Service Vulnerability in Action Controller Token Authentication Information Disclosure in Nextcloud Android App: Default Server Lookup Vulnerability Nextcloud End-to-End Encryption Denial of Service Vulnerability Improper Access Control Vulnerability in Citrix Workspace App for Windows Buffer Overflow Vulnerability in Windows File Resource Profiles in 9.X Firmware Update Man-in-the-Middle Vulnerability in EdgeMAX EdgeRouter Vulnerability in Oracle VM VirtualBox Prior to 6.1.20: Unauthorized Access to Critical Data NoSQL Injection Vulnerability in Rocket.Chat Server Versions <3.13.2, <3.12.4, <3.11.4 Unauthenticated NoSQL Injection Vulnerability in Rocket.Chat Server 3.11-3.13 Information Disclosure Vulnerability in Nextcloud iOS App Information Disclosure Vulnerability in Nextcloud Deck Insecure Storage of Sensitive Information in 
Citrix Cloud Connector Installation Logs Nextcloud Server Brute Force Vulnerability Information Disclosure Vulnerability in Brave Desktop's Adblocking Feature Information Disclosure Vulnerability in Brave Browser Desktop (Versions 1.17-1.20) with Adblocking and Tor Windows Out-of-Bounds Read Vulnerability in Node.js via uv__idna_toascii() Disk Space Consumption Vulnerability in Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition Oracle Document Management and Collaboration Vulnerability: Unauthorized Data Access and Modification SAML Authentication Hijack Vulnerability in Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition Local Privilege Escalation Vulnerability in Node.js on Windows Platforms Failure to Remove Potentially Malicious Content: Curl Metalink Hash Mismatch Vulnerability Insecure Credential Handling in curl's Metalink Feature Vulnerability: Case Insensitive Comparison in libcurl Connection Pool Uninitialized Data Disclosure Vulnerability in curl's CURLOPT_TELNETOPTIONS Vulnerability: File-Based Client Certificate Hijacking in libcurl Session Fixation Vulnerability in Citrix ADC and Citrix Gateway 13.0-82.45 Privilege Escalation Vulnerability in Citrix Virtual Apps and Desktops Information Disclosure in Brave Browser: Logged Timestamps of Connections to V2 Onion Domains MySQL Server Stored Procedure Denial of Service Vulnerability Use After Free Vulnerability in Node.js Allows Memory Corruption and Process Behavior Modification Vulnerability: Remote Code Execution, XSS, and DNS Hijacking in Node.js DNS Library Vulnerability: ShareFile File Encryption Disabling Issue Arbitrary File Deletion Vulnerability in Pulse Connect Secure Buffer Overflow Vulnerability in Pulse Connect Secure Command Injection Vulnerability in Pulse Connect Secure Cross-Site Scripting Vulnerability in Pulse Connect Secure before 9.1R12 File Write Vulnerability in Pulse Connect Secure Command Injection Vulnerability in Pulse Connect Secure Node.js HTTPS API Accepts 
Connections to Servers with Expired Certificates due to Incorrect Usage Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Use After Free Vulnerability in Node.js Allows Memory Corruption and Process Behavior Modification Remote Compromise of Citrix ShareFile Storage Zones Controller Open Redirect Vulnerability in Host Authorization Middleware in Action Pack >= 6.0.0 Remote Camera Control Vulnerability in UniFi Protect Application V1.18.1 and Earlier Privilege Escalation Vulnerability in UniFi Protect Application Double Free Vulnerability in libcurl <= 7.73.0 and 7.78.0 when Sending Data to MQTT Server Bypassing TLS Requirement in curl Versions 7.20.0 to 7.78.0 Curl STARTTLS Response Caching Vulnerability Insecure Session ID Generation in revive-adserver < 5.3.0 CSRF Vulnerability in Concrete CMS 8.5.5 and Below Allows File Duplication and Disk Space Exhaustion Vulnerability in Oracle Concurrent Processing of Oracle E-Business Suite: Unauthorized Data Access and Modification CSRF Vulnerability in Concrete CMS Prior to 8.5.6 Allows Deletion of Attachments in Conversation Comments Vulnerability: Unauthorized Access to Password Protected Files in Concrete CMS (previously concrete 5) prior to version 8.5.7 Remote Control Exploit in UniFi Talk Application V1.12.3 and Earlier CSRF Vulnerability in Concrete CMS 8.5.5 and Below Allows Topic Cloning and Resource Exhaustion Cross-Site Request Forgery Vulnerability in Concrete CMS <v9 Allows Unauthorized Requests Unauthenticated Denial of Service Vulnerability in Citrix ADC Uncontrolled Resource Consumption Vulnerability in Citrix ADC UniFi Protect Application Cross-Origin Resource Sharing (CORS) Account Takeover Vulnerability Server-Side Request Forgery Vulnerability in concrete5 < 8.5.5 Allows Bypassing Localhost Limitations HTTP Request Smuggling Vulnerability in llhttp < v2.1.4 and < v6.0.6 Oracle VM VirtualBox Prior to 6.1.20 Core Vulnerability HTTP Request Smuggling (HRS) Vulnerability in llhttp 
< 2.1.4 and < 6.0.6 GlassWire v2.1.167 Firewall Software Code Injection Vulnerability Vulnerability: Sensitive Data Leakage and Resource-Based DoS Attack via Crafted Requests Fastify-Static Module Redirect Vulnerability Double Slash Redirect Vulnerability in fastify-static Module (Versions >= 4.2.4 and < 4.4.1) Denial of Service Vulnerability in Pulse Connect Secure Privilege Escalation via Group Permissions in Concrete CMS versions 8.5.6 and below IDOR Vulnerability Allows Unauthenticated Access to Restricted Files in Concrete CMS Remote Code Execution in Concrete CMS (concrete5) File Manager via Bypass of Remote File Addition SSRF Mitigation Bypass in Concrete CMS Versions Below 8.5.7 Oracle VM VirtualBox Prior to 6.1.20 Core Vulnerability Local IP Import Vulnerability in Concrete CMS (formerly concrete5) Versions 8.5.6 and Below and Version 9.0.0 Out-of-Bounds Memory Access Vulnerability in BIG-IP JSON Parser Race condition vulnerability in BIG-IP and BIG-IQ allows for privilege escalation TMM Restart Vulnerability in BIG-IP Systems Excessive CPU Usage Vulnerability in BIG-IP Advanced WAF and ASM Coordinated Malicious HTTP Client and Server Code Vulnerability on BIG-IP Reflected XSS Vulnerability in BIG-IP Versions 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x Reflected Cross-Site Scripting (XSS) Vulnerability in BIG-IP Configuration Utility with Fraud Protection Service Provisioning Critical Denial of Service Vulnerability in Oracle MySQL Server (Versions 8.0.23 and Prior) Untrusted Search Path Vulnerability in BIG-IP APM Client Troubleshooting Utility (CTU) for Windows Vulnerability: Man-in-the-Middle Attacks in TLS Renegotiation without Extended Master Secret (EMS) Extension Buffer Overflow Vulnerability in BIG-IP DNS and GTM Versions 11.6.x, 12.1.x, and 13.1.x Cross-Site Scripting Vulnerability in BIG-IP AFM Configuration Utility Open Redirection vulnerability in BIG-IP Advanced WAF and ASM versions 11.6.x to 15.1.x Excessive Memory Consumption 
Vulnerability in BIG-IP APM 16.0.x Unauthenticated Remote Command Execution Vulnerability in BIG-IP and BIG-IQ Authenticated Remote Command Execution Vulnerability in BIG-IP Traffic Management User Interface (TMUI) Authenticated Remote Command Execution Vulnerability in BIG-IP TMUI Configuration Utility Authenticated Remote Command Execution Vulnerability in BIG-IP TMUI Configuration Utility MySQL Server Denial of Service Vulnerability Authenticated Remote Command Execution Vulnerability in BIG-IP Traffic Management User Interface (TMUI) Buffer Overflow Vulnerability in BIG-IP Traffic Management Microkernel (TMM) URI Normalization Buffer Overflow and Remote Code Execution Vulnerability in BIG-IP Advanced WAF/BIG-IP ASM DOM-based XSS Vulnerability on DoS Profile Properties Page Reflected XSS Vulnerability in iControl REST on BIG-IP Systems Unauthenticated Failover Vulnerability in BIG-IQ High Availability Denial-of-Service Vulnerability in BIG-IQ Data Collection Device Cluster Unauthenticated and Unencrypted Clustering Transport in BIG-IQ HA ElasticSearch Service SYN Flood Protection Bypass in BIG-IP SNAT Listeners HTTP/2 Stream Retention Vulnerability MySQL Server Denial of Service Vulnerability TMM Restart Vulnerability in BIG-IP Versions 13.1.3.4-13.1.3.6 and 12.1.5.2 Undisclosed iControl REST Endpoint File Upload Vulnerability Session ID Exposure in BIG-IP APM and Edge Client on Windows Systems Undisclosed MPTCP Traffic Core File Generation Vulnerability Multipath TCP (MPTCP) Forwarding Flows Vulnerability Lack of TLS Encryption in BIG-IQ High Availability (HA) with Quorum Device Reflected Cross-Site Scripting Vulnerability in BIG-IQ Versions 7.x and 6.x Vulnerability: Fragmented IP Traffic Dropping in BIG-IP TMM Process BIG-IP APM AD Authentication Bypass via Spoofed AS-REP Response Denial of Service Vulnerability in BIG-IP Versions 16.0.x and 15.1.x Unauthorized Read Access Vulnerability in Oracle MySQL Server WebSocket JSON Payload Processing Vulnerability 
Excessive Resource Consumption in BIG-IP Traffic Management Microkernel (TMM) Arbitrary Command Execution Vulnerability in BIG-IP TMM Denial of Service Vulnerability in BIG-IP Missing Authorization Checks for File Uploads in BIG-IP Advanced WAF and ASM Bypassing Appliance Mode Restrictions in BIG-IP Bypassing Internal Restrictions to Retrieve Static Content in BIG-IP APM Nginx Resolver Vulnerability: UDP Packet Forgery Leading to Memory Overwrite Insecure Intra-Cluster Communication in NGINX Controller 3.x before 3.4.0 Exposure of Administrator Password in NGINX Controller Support Package Oracle Platform Security for Java Unauthenticated Takeover Vulnerability Insecure Key Generation in NAAS 3.x before 3.10.0 World Readable Agent Configuration File in Nginx Controller 3.x Weak File and Folder Permissions in BIG-IP Edge Client Windows Installer Service DLL Hijacking Vulnerability in BIG-IP Edge Client Windows Installer Authenticated Remote Command Execution Vulnerability in BIG-IQ Configuration Utility Authenticated Remote Command Execution Vulnerability in BIG-IP Configuration Utility Cross-Site Request Forgery (CSRF) Vulnerability in BIG-IP and BIG-IQ DOM-based Cross-Site Scripting (XSS) Vulnerability in BIG-IP Configuration Utility Undisclosed Request Termination Vulnerability in F5 Advanced WAF/BIG-IP ASM Insufficient Permission Checks in F5 Advanced WAF and BIG-IP ASM Configuration Utility Allow SSRF Attacks Critical Vulnerability in Oracle Support Tools: Unauthorized Access to OSS Support Tools Data WebSocket Profile Denial of Service Vulnerability Privilege Escalation Vulnerability in BIG-IP Advanced WAF and ASM Configuration Utility Undisclosed DNS Responses Vulnerability in BIG-IP DNS Systems WebSocket Profile Denial of Service Vulnerability Undisclosed Requests Vulnerability in BIG-IP DNS Cache Resolver HTTP Profile Chunked Response Termination Vulnerability Undisclosed Requests Vulnerability in BIG-IP ASM and DataSafe Profiles Reflected Cross-Site 
Scripting (XSS) Vulnerability in BIG-IP Configuration Utility Stored Cross-Site Scripting (XSS) Vulnerability in BIG-IP Configuration Utility IPSec Remote Peer Unauthorized Termination Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash SQL Injection Vulnerability in BIG-IP AFM Configuration Utility DOM-based Cross-Site Scripting (XSS) Vulnerability in BIG-IP Configuration Utility Undisclosed Requests Vulnerability in BIG-IP Software Directory Traversal Vulnerability in BIG-IP Configuration Utility Denial of Service vulnerability in BIG-IP with Intel QuickAssist Technology (QAT) compression driver SCTP Profile Multiple Paths Vulnerability Insecure Logging of Secure Properties in Guided Configuration Memory Increase Vulnerability in BIG-IP APM's OCSP Verification GTP Message Vulnerability in BIG-IP Software Denial-of-Service Vulnerability in BIG-IP Traffic Management Microkernel MySQL Server Denial of Service Vulnerability CSRF-Enabled Policy HTML Response Termination Vulnerability Vulnerability: TMM Termination in BIG-IP with DPDK/ENA Driver on AWS Open Redirect Vulnerability in BIG-IP APM Access Policy MySQL Database Disk Space Exhaustion Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in BIG-IP APM System Command line restriction bypass in NGINX Ingress Controller Oracle VM VirtualBox Prior to 6.1.20 High Privilege Unauthorized Access Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Access and Data Compromise Unauthorized Read Access Vulnerability in Oracle MySQL Server Oracle VM VirtualBox Prior to 6.1.20 Vulnerability: High Privileged Takeover Oracle VM VirtualBox Prior to 6.1.20 Vulnerability: High Privileged Takeover Critical Data Access Vulnerability in Oracle Hospitality Inventory Management Oracle VM VirtualBox Prior to 6.1.20 Denial of Service Vulnerability Unauthenticated Access to Unpublished and Inaccessible Modules in Joomla! XSS Vulnerability in Joomla! 
mod_breadcrumbs Aria-label Attribute XSS Vulnerability in Joomla! com_tags Views Insecure rand() Function Used in 2FA Secret Generation in Joomla! Insufficient Length for 2FA Secret in Joomla! 3.2.0 through 3.9.24 Insecure Implementation of randval in Joomla! Core Cross-Site Scripting (XSS) Vulnerability in Joomla! 2.5.0 through 3.9.24 XSS Vulnerability in Joomla! 2.5.0 through 3.9.24 due to Missing Filtering of Feed Fields Template Manager Input Validation Vulnerability Path Traversal Vulnerability in Joomla! com_media Component Race Condition Vulnerability in Linux Kernel SCTP Sockets Leading to Privilege Escalation Privilege Escalation via Use After Free Vulnerability in Linux Kernel NFC Sockets Data Leakage through Error Messages and Logs in Argo CD Web UI Unprivileged Command Centre Operator Can Perform Macro Overrides in Gallagher Command Centre Server Stack-Based Buffer Overflow in WECON LeviStudioU Versions 2019-09-21 and Prior: Remote Code Execution Vulnerability Null Pointer Vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 Oracle Application Object Library Vulnerability: Unauthorized Access and Data Manipulation Unauthorized Modification of Command Line Macros in Gallagher Command Centre Server Bypassing PIV Verification in Gallagher Controller: An Incomplete Comparison Vulnerability UART Console Vulnerability in Netgear Nighthawk R6700 Version 1.0.4.120 Oracle HTTP Server Unauthenticated Access Vulnerability AMP for WP – Accelerated Mobile Pages Plugin <= 1.0.77.31 Authenticated Stored XSS Vulnerability Privilege Escalation Vulnerability in Intel(R) Advisor Software Arbitrary Shell Command Execution in Lens Prior to 5.3.4 Certificate Chain Validation Vulnerability in Gallagher Command Centre Mobile Client for Android Heap-Based Buffer Overflow in WECON LeviStudioU Versions 2019-09-21 and Prior: Remote Code Execution Vulnerability Double-Free Vulnerability in htmldoc v1.9.12: Arbitrary Code Execution and Denial of Service 
Heap-Buffer-Overflow Vulnerability in SoX's lsx_read_w_buf() Function Oracle HRMS (France) Unauthorized Data Access and Modification Vulnerability Vulnerability: Man-in-the-Middle Attack in Mobile Connect for Android CSRF Vulnerability in JFrog Artifactory Versions Prior to 7.33.6 and 6.23.38 Heap Buffer Overflow in htmldoc's pspdf_prepare_outpages() Function File Manipulation Vulnerability in Odoo Community and Enterprise 15.0 and Earlier SMTP Client Certificate Validation Vulnerability in Gallagher Command Centre Unauthenticated Out of Bounds Read Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Products Heap-Buffer Overflow in OpenEXR's copyIntoFrameBuffer Function (Versions < 3.0.1) Vulnerability in Oracle Cloud Infrastructure Storage Gateway Management Console (CVE-2021-12345) Heap-buffer-overflow vulnerability in SoX's startread() function in hcom.c file Improper Access Control Vulnerability Exposes Sensitive Data to Authenticated Users Download Monitor WordPress Plugin <= 4.4.6 Authenticated Persistent XSS Vulnerability Privilege Escalation and Access Control Vulnerability in NVIDIA GeForce Experience GameStream Improper Access Control in Reporting Engine of l10n_fr_fec Module in Odoo Community and Enterprise Versions 15.0 and Earlier Improper Link Resolution Vulnerability in Archive Extraction Payment Method Validation Bypass in Odoo Community and Enterprise 15.0 and Earlier Vulnerability: Out of Bounds Read in Intel(R) and Killer(TM) Bluetooth(R) Firmware Vulnerability in Oracle Cloud Infrastructure Storage Gateway Management Console (CVE-2021-12345) Null Pointer Dereference Vulnerability in htmldoc v1.9.12 and Earlier Cleartext Storage of Sensitive Information in Memory in Gallagher Command Centre Server Database Content Access and Modification Vulnerability in Odoo Community and Enterprise 15.0 and Earlier Local Access Information Disclosure Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Products Vulnerability in 
Oracle Cloud Infrastructure Storage Gateway Management Console (CVE-2021-12345) NULL Pointer Dereference in image_load_jpeg() Function in htmldoc v1.9.12 and Earlier Samba DCE/RPC Fragmentation Vulnerability Privilege Escalation Vulnerability in Gallagher Command Centre Server Directory Listing Vulnerability in Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 Insufficient Client-Side Authentication and Session Management in Agilia Link+ Version 3.0 Unquoted Service Path Vulnerability in Gallagher Controller Service Arbitrary Command Injection Vulnerability in mySCADA myPRO Versions 8.20.0 and Prior Vulnerability in Oracle Cloud Infrastructure Storage Gateway Management Console (CVE-2021-12345) Vulnerability in NVIDIA GPU and Tegra Hardware Microcontroller Allows Unauthorized Microcode Generation and Potential Device Compromise Arbitrary PDF Report Download Vulnerability in Odoo Community and Enterprise 14.0-15.0 Sensitive Information Exposure in Gallagher Command Centre Server Privilege Escalation Vulnerability in Gallagher Command Centre Server Stack Buffer Overflow in htmldoc v1.9.12 and Prior: Arbitrary Code Execution and Denial of Service Vulnerability Vulnerability: Unauthorized Access and Impersonation in Fresenius Kabi Vigilant MasterMed v2.0.1.3 Persistent Cross-Site Scripting (XSS) Vulnerabilities in AMP for WP WordPress Plugin (<= 1.0.77.32) Oracle VM VirtualBox Prior to 6.1.20 High Privilege Unauthorized Access Vulnerability SoX voc.c read_samples() Floating Point Divide-by-Zero Vulnerability Cleartext Storage of Cloud Encryption Key in Memory Vulnerability in Gallagher Command Centre Server SSL Certificate Verification Bypass Vulnerability Integer Overflow and Heap-Buffer Overflow Vulnerability in OpenEXR's DwaCompressor Time-Window Corrupting Vulnerability in NVIDIA GPU and Tegra Hardware FIPS Mode Enabled Memory Leak in Mirantis Container Runtime 20.10.8 Vulnerability in NVIDIA GPU and Tegra Hardware Microcontroller Allows 
Unauthorized Information Disclosure OpenGrok Web App Vulnerability: Remote Takeover (CVE-XXXX-XXXX) SSL Certificate Verification Bypass Vulnerability Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Products Arbitrary Web Script Injection Vulnerability in Cacti 1.1.38 User Creation CSRF Vulnerability in Alexander Fuchs PHP Everywhere Plugin <= 2.0.2 Reflected Cross-Site Scripting Vulnerability in DIAEnergie Version 1.7.5 and Prior Oracle FLEXCUBE Universal Banking: Unauthenticated Remote Access Vulnerability SQL Injection Vulnerability in Gallagher Command Centre OPCUA Interface Unauthenticated Access to Sensitive Endpoints in Fresenius Kabi Agilia Link+ v3.0 and Prior Device Disruption Vulnerability in Fresenius Kabi Agilia Link+ Version 3.0 Race Condition Vulnerability in Sudo's sudoedit Personality Vulnerability in Oracle FLEXCUBE Universal Banking Allows Unauthorized Data Access and Manipulation Privilege Escalation via SELinux RBAC Bypass in Sudoedit Directory Traversal and Authentication Bypass Vulnerability in MERCUSYS Mercury X18G 1.0.5 Devices Directory Traversal Vulnerability in MERCUSYS Mercury X18G 1.0.5 Devices Vulnerability in Oppo Battery App Allows Unauthorized Third-Party Provider Loading Vulnerability: ColorOS Whitelist XML Allows Unauthorized App Permissions Foreground Package Name Disclosure Vulnerability in ACE2 ColorOS11 Quick Game Engine Command Injection Vulnerability Enables Remote Code Execution URL Spoofing Vulnerability in Opera Mini for Android below 53.1 Remote Code Execution (RCE) Vulnerability in Spring Beans with SPEL Expression Remote Code Execution (RCE) Vulnerability in Groovy Script Rendering Database Vault Access Control Bypass Vulnerability in Oracle Database Server XSS Vulnerability: File Name Injection Allows Script Execution for Authenticated Users System Configuration File Override Vulnerability YAML Configuration File Modification Vulnerability Leading to Remote Code Execution (RCE) 
Unauthenticated Remote Attackers Can Read Textual Content via FreeMarker Unauthenticated Remote Attackers Can Manipulate Search Indexes in Unprotected Crafter-Search Installations Unauthorized Content Locking by Reviewer Role Log Injection Vulnerability Command Execution Vulnerability in Crafter Studio of Crafter CMS IPv6 Routing Loop Vulnerability in Gargoyle OS 1.12.0 Stored Cross Site Scripting (XSS) Vulnerability in TIBCO EBX Web Server Cross Site Scripting (XSS) Vulnerability in TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric Stored Cross Site Scripting (XSS) Vulnerability in TIBCO Spotfire Software Clickjacking Vulnerability in TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution Privilege Escalation Vulnerability in TIBCO Software Inc.'s Windows Installation Component Authenticated SQL Injection Vulnerability in Eaton Intelligent Power Manager (IPM) Prior to 1.69 Unauthenticated Eval Injection Vulnerability in Eaton Intelligent Power Manager (IPM) Authenticated Arbitrary File Delete Vulnerability in Eaton Intelligent Power Manager (IPM) Unauthenticated Arbitrary File Delete Vulnerability in Eaton Intelligent Power Manager (IPM) Oracle Text Component Vulnerability Authenticated Arbitrary File Upload Vulnerability in Eaton Intelligent Power Manager (IPM) Unauthenticated Remote Code Execution in Eaton Intelligent Power Manager (IPM) Stored Cross Site Scripting Vulnerability in Eaton Intelligent Power Protector (IPP) Software Stored Cross-site Scripting Vulnerability in Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) Versions 1.5.0plus205 and Earlier Reflected Cross-site Scripting Vulnerability in Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) CSV Formula Injection Vulnerability in Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) Insufficient Input Validation in Intelligent Power Manager (IPM 1) versions prior to 1.70 Insufficient Input Validation in 
Intelligent Power Protector Software (Versions Prior to 1.69) Oracle XML DB Component Takeover Vulnerability Oracle Database Server Core RDBMS Component Denial of Service Vulnerability Oracle LogMiner Component Vulnerability Arbitrary Command Injection in @graphql-tools/git-loader (before 6.2.6) Cross-site Scripting (XSS) Vulnerability in ApexCharts Package (Versions before 3.24.0) Prototype Pollution Vulnerability in iniparserjs Prototype Pollution in nested-object-assign before 1.0.4 via default function Oracle XML DB Component Privilege Escalation Vulnerability Command Injection Vulnerability in Launchpad Package (All Versions) via Stop Parameter Insecure Temporary File Creation in com.squareup:connect Package LDAP Injection Vulnerability in is-user-valid Package Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs Command Injection Vulnerability in Lodash Template Function Unsafe YAML Load Function in Qlib's Workflow Function in CLI Multiple Transfer-Encoding Headers Vulnerability Vulnerability in Oracle Database - Enterprise Edition Data Redaction Component Local File Inclusion Vulnerability in Pimcore CustomReportController Regular Expression Denial of Service (ReDoS) vulnerability in prismjs before 1.23.0 Vulnerability: Bypassing Remediation and Executing Malicious JavaScript in docsify before 4.12.0 Vulnerability: Regular Expression Denial of Service (ReDoS) in path-parse package Remote Code Execution (RCE) Vulnerability in total.js before 3.4.8 via set() Server-side Request Forgery (SSRF) vulnerability in github.com/thecodingmachine/gotenberg via /convert/html endpoint Regular Expression Backtracking Vulnerability in html-parse-stringify Package Cross-site Scripting (XSS) Vulnerability in Argo CD SSO Provider Arbitrary Command Execution Vulnerability in portprocesses Package (<=1.0.5) Vulnerability in Oracle Database - Enterprise Edition Data Redaction Component Denial of Service (DoS) Vulnerability in go-proxyproto Package Arbitrary 
Code Execution via Custom Graphviz Path in Madge ReDoS Vulnerability in jspdf's addImage Function Vulnerability: ReDoS in printf package (<=0.6.1) via regex string in lib/printf.js Arbitrary Command Execution Vulnerability in ps-kill Package Arbitrary Command Execution Vulnerability in kill-process-by-name Package Directory Traversal Vulnerability in Tyk Gateway's handleAddOrUpdateApi Function Arbitrary Code Injection Vulnerability in Underscore Package Arbitrary Command Execution Vulnerability in port-killer Package Vulnerability in Oracle Database - Enterprise Edition Data Redaction Component Arbitrary Command Execution Vulnerability in killport (before 1.0.2) Regular Expression Denial of Service (ReDoS) in hosted-git-info before 3.0.8 Arbitrary Command Execution in kill-by-port Package (CVE-2021-XXXX) Regular Expression Denial of Service (ReDoS) Vulnerability in browserslist 4.0.0 - 4.16.5 Authentication Bypass Vulnerability in Tyk Identity Broker via Go XML Parser ReDoS Vulnerability in postcss Package: Source Map Parsing Remote Code Execution (RCE) Vulnerability in Handlebars Package (Versions before 4.7.7) Oracle XML DB Component Takeover Vulnerability Critical Vulnerability in Swiper Package (Version < 6.5.1) Denial of Service Vulnerability in chrono-node before 2.2.4 Denial of Service (DoS) Vulnerability in mongo-express: Crash on Exporting Empty Collection as CSV Prototype Pollution in package set-deep-prop Arbitrary Command Execution Vulnerability in ps-visitor Package Arbitrary Command Execution Vulnerability in psnode Package Arbitrary Command Execution Vulnerability in ffmpegdotjs trimvideo Function Arbitrary Command Execution Vulnerability in onion-oled-js Package Arbitrary Command Execution Vulnerability in picotts Package Arbitrary Command Execution Vulnerability in Portkiller Package Vulnerability in Oracle Siebel CRM's Siebel Apps - Marketing: Unauthorized Data Access and Manipulation Arbitrary Command Execution Vulnerability in roar-pidusage 
Package Arbitrary Command Execution Vulnerability in Package Killing Regular Expression Denial of Service (ReDoS) in postcss before 8.2.13 via getAnnotationURL() and loadAnnotation() in lib/previous-map.js Prototype Pollution Vulnerability in Handlebars Package (Versions before 4.7.7) Open Redirect Vulnerability in koa-remove-trailing-slashes Package Arbitrary URL Redirect Vulnerability in Flask-Security Unencrypted Network Exposure of Internal Memory via Crafted Invalid Domain Names Open Redirect Vulnerability in trailing-slash Package (Versions before 2.0.1) Vulnerability: ReDoS in Email Validation of Package Forms Arbitrary Code Execution Vulnerability in total.js Package (before 3.4.9) via U.set() and U.get() Functions High-Privilege Network Access Vulnerability in Oracle MySQL Server (CVE-2021-2380) Arbitrary Code Execution Vulnerability in total4 Package (Versions before 0.0.43) Arbitrary File System Overwrite Vulnerability in Calipso Package Vulnerability: Regular Expression Denial of Service (ReDoS) in locutus package before 2.0.15 Arbitrary URL Redirection in Flask-Unchained before 0.9.0 Remote Code Execution (RCE) Vulnerability in studio-42/elfinder before 2.1.58 via PHP Code Execution in .phar Files Prototype Pollution Vulnerability in nedb Package Prototype Pollution in lutils package via main (merge) function Prototype Pollution vulnerability in @ianwalter/merge package Cross-site Scripting (XSS) Vulnerability in react-bootstrap-table's dataFormat Parameter Arbitrary Command Execution Vulnerability in wincred Package MySQL Server Vulnerability: Unauthorized Partial Denial of Service via Memcached Component HTTP Header Injection Vulnerability in Nodemailer Package (before 6.6.1) Arbitrary URL Redirection in Flask-User's make_safe_url Function Prototype Pollution in package record-like-deep-assign Prototype Pollution in ts-nodash Merge() Function CSRF Vulnerability in SQLite-Web Package Unvalidated Parameter in ClassificationstoreController Class in 
pimcore/pimcore Unsafe PAC File Handling Vulnerability in pac-resolver Improper Sanitization of User-Controlled File Names in elFinder.Net.Core Prototype Pollution Vulnerability in com.graphhopper:graphhopper-web-bundle Denial of Service (DoS) Vulnerability in github.com/pires/go-proxyproto before 0.6.0 Vulnerability in Java SE and Oracle GraalVM: Unauthorized Read Access Cross-site Scripting (XSS) Vulnerability in Package's Main Functionality Command Injection Vulnerability in gitlogplus Package Prototype Pollution Vulnerability in jszip before 3.7.0 Arbitrary Code Execution Vulnerability in video.js (before 7.14.3) Improper Sanitization of User-Controlled File Names in elFinder.AspNet Improper Input Sanitization in Curly-Bracket-Parser Template Library Prototype Pollution vulnerability in deepmergefn package XML External Entity (XXE) Injection Vulnerability in glances before 3.2.1 Prototype Pollution Vulnerability in open-graph Package (Versions before 0.2.6) MySQL Server Denial of Service Vulnerability Arbitrary Command Execution Vulnerability in codeception/codeception Prototype Pollution in merge-change package via utils.set function Command Injection Vulnerability in bikeshed before 3.0.0 Arbitrary File Disclosure Vulnerability in bikeshed before 3.0.0 Denial of Service Vulnerability in ansi-html Package ReDoS Vulnerability in trim-off-newlines Package Proto Package Object Property Injection Vulnerability Arbitrary Extraction Vulnerability in elFinder.NetCore's ExtractAsync Function Path Traversal Vulnerability in elFinder.NetCore Denial of Service (DoS) Vulnerability in transpile Package's .to() Function Oracle Workflow Notification Mailer Unauthorized Read Access Vulnerability Directory Traversal Vulnerability in startserver Package Joplin Package Prior to 2.3.2 Vulnerable to Cross-Site Request Forgery (CSRF) Untrusted Input Vulnerability in Mootools' Object.merge() Function Prototype Pollution in algoliasearch-helper before 3.6.2 via merge function in 
src/SearchParameters/index.jsSearchParameters._parseNumbers Type Confusion Vulnerability in object-path Package (CVE-2020-15256 Bypass) Session Hijacking Vulnerability Type Confusion Vulnerability in immer Package (before 9.0.6) Allows Bypass of CVE-2020-28477 ReDoS Vulnerability in Pillow's getrgb Function Type Confusion Vulnerability in mpath Package (CVE-2018-16490 Bypass) Arbitrary JavaScript Code Execution via File Upload in file-upload-with-preview Oracle Coherence Denial of Service Vulnerability Type Confusion Vulnerability in set-value Package Prototype Pollution Vulnerability in @cookiex/deep Package Type Confusion Vulnerability in edge.js Allows Bypassing Input Sanitization Type Confusion Vulnerability in jointjs before 3.4.2 Allows Bypass of CVE-2020-28480 Unescaped HTML Injection Vulnerability in datatables.net (<=1.11.3) Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function Type Confusion Vulnerability in teddy Package (before 0.5.9) Allows Bypass of Input Sanitization Prototype Pollution vulnerability in package config-handler Prototype Pollution Vulnerability in vm2 Package (<=3.9.4): Remote Code Execution Vulnerability in Oracle Commerce Guided Search / Experience Manager: Unauthorized Data Access and Manipulation Prototype Pollution Vulnerability in Dojo's setObject Function Insecure Randomness in otp-generator: Brute-Force Vulnerability Prototype Pollution Vulnerability in Package x-assign Vulnerability in Oracle Commerce Guided Search / Experience Manager: Unauthorized Data Access and Manipulation Prototype Pollution Vulnerability in min-dash Package (before 3.8.1) via set Method XML External Entity (XXE) Injection in com.h2database:h2 via org.h2.jdbc.JdbcSQLXML class object Vulnerability in Oracle Hyperion Infrastructure Technology: Unauthorized Access and Data Compromise Unvalidated Constructor Property in putil-merge's merge() Function Type Confusion Vulnerability in bootstrap-table Package Allows Bypass of 
Input Sanitization Unauthorized Read Access Vulnerability in Oracle Commerce Guided Search / Oracle Commerce Experience Manager Zip Slip Vulnerability in zip-local Package Unauthenticated Remote Code Execution in Oracle Essbase EAS Console Vulnerability: Regular Expression Denial of Service (ReDoS) in parse-link-header package (before 2.0.0) Open Redirect Vulnerability in Karma Package (before 6.3.16) Incomplete fix in @strikeentco/set package allows for denial of service and potential remote code execution Critical Unauthenticated Access Vulnerability in Oracle Essbase EAS Console (CVE-2021-XXXX) Prototype Pollution in object-path-set's setPath Method Type Confusion Vulnerability in json-ptr Allows Bypass of CVE-2020-7766 Vulnerability in Advanced Networking Option component of Oracle Database Server (CVE-2021-2351) Directory Traversal Vulnerability in Crow before 0.3+4 Prototype Pollution in cached-path-relative Package High-Privilege Network Access Vulnerability in Oracle MySQL Server (CVE-2021-2380) Arbitrary File Write Vulnerability in JUCE Framework's ZipFile::uncompressEntry Function Arbitrary Code Execution via Symbolic Link in JUCE Framework Vulnerability in Oracle Siebel CRM: Unauthorized Access to Critical Data MySQL Server Federated Component Denial of Service Vulnerability Sandbox Bypass Vulnerability in Realms-shim Package via Prototype Pollution Oracle Marketing Product Vulnerability: Unauthorized Access and Data Manipulation Sandbox Bypass Vulnerability in vm2 Package Vulnerability: Exposed Dangerous Method or Function in Guake (CVE-2021-12345) Prototype Pollution in bmoor before 0.10.1: Missing Sanitization in set Function Vulnerability in Oracle MySQL Server: Unauthorized Access and Denial of Service Prototype Pollution in comb package via deepMerge() function Arbitrary JavaScript Code Execution via File Upload in plupload Information Exposure via valueOf() function in nanoid package (3.0.0 - 3.1.31) Vulnerability: Denial of Service (DoS) in 
colors package after 1.4.0 Prototype Pollution Vulnerability in extend2 Package MySQL Server Denial of Service Vulnerability Prototype Pollution in deepFillIn and set functions of js-data package (CVE-2020-28442) Oracle Access Manager Remote Access Vulnerability Oracle Marketing Product Vulnerability: Unauthorized Access and Data Compromise Deserialization of Untrusted Data Vulnerability in topthink/framework Sandbox Bypass Vulnerability in Realms-shim Package via Prototype Pollution Denial of Service Vulnerability in fastify-multipart (CVE-2020-8136 Bypass) Oracle Approvals Management Product Vulnerability: Unauthorized Data Access and Modification Oracle Advanced Inbound Telephony Vulnerability: Unauthorized Data Access and Modification Vulnerability in Oracle Field Service: Unauthorized Access and Data Manipulation Type Confusion Vulnerability in Dotty Package Allows Bypass of CVE-2021-25912 Vulnerability in Oracle Public Sector Financials (International) Allows Unauthorized Access and Data Manipulation Arbitrary File Read Vulnerability in convert-svg Packages Remote Code Execution (RCE) Vulnerability in Git Package Allows OS Command Execution Remote Code Execution (RCE) vulnerability in md-to-pdf before 5.0.0 Oracle iSupplier Portal: Unauthorized Data Access and Modification Vulnerability Cross-site Scripting (XSS) Vulnerability in @braintree/sanitize-url Package Oracle Human Resources Product Vulnerability: Unauthorized Access and Data Manipulation Unvalidated Formula Injection in html-to-csv Package Vulnerability in Primavera P6 Enterprise Project Portfolio Management: Unauthorized Data Access and Manipulation Prototype Pollution Vulnerability in sey's deepmerge() Function Server-side Request Forgery (SSRF) vulnerability in @isomorphic-git/cors-proxy before 2.7.1 MySQL Server Denial of Service Vulnerability File Upload Vulnerability in pekeupload Package Allows Remote Code Execution Unauthenticated Remote Access Vulnerability in Oracle Siebel CRM Prototype 
Pollution vulnerability in litespeed.js and appwrite/server-ce Vulnerability in Java SE and Oracle GraalVM: Unauthorized Data Access MySQL Server Denial of Service Vulnerability Prototype Pollution in mergeDeep() function of package merge-deep2 Prototype Pollution Vulnerability in object-extend Package (Version 0.0.0) Oracle Coherence Denial of Service Vulnerability Vulnerability: Server-side Request Forgery (SSRF) in ssrf-agent before 1.0.5 MySQL Server Denial of Service Vulnerability Stored Command Injection Vulnerability in Celery (CVE-2021-32823) Vulnerability in JD Edwards EnterpriseOne Tools: Unauthorized Data Access and Manipulation Arbitrary OS Command Execution Vulnerability in docker-cli-js Vulnerability in Oracle MySQL Server (InnoDB Component) Allows Unauthorized Access to Critical Data Vulnerability in JD Edwards EnterpriseOne Tools: Unauthorized Data Access and Manipulation Deserialization of Untrusted Data in ajaxpro.2 Package: Remote Code Execution Vulnerability Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Prototype Pollution in keyget package (0.0.0) via set, push, and at methods leading to DoS and potential RCE Unauthorized Read Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Sandbox Escape and Prototype Pollution Vulnerability in notevil and argencoders-notevil Packages Arbitrary File Write Vulnerability in github.com/kataras/iris Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Potential Cross-Site Scripting Vulnerability in tempura before 0.4.0 XML External Entity (XXE) Injection in com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 Directory Traversal Vulnerability in http-server-node via --path-as-is Vulnerability in Oracle Applications Framework: Unauthorized Access and Data Compromise Bypassing allowFunctions in latte/latte before 2.10.6 Type Confusion Vulnerability in jsonpointer Allows Bypass of Prototype Pollution Fix Oracle Solaris Kernel Vulnerability Allows 
Unauthorized Data Access and Partial Denial of Service Unisharp/laravel-filemanager Upload Function File Type Validation Bypass Vulnerability Oracle WebLogic Server Remote Code Execution Vulnerability Type Confusion Vulnerability in json-pointer Package Allows Bypass of CVE-2020-7709 Unquoted Attribute Injection leading to Cross-site Scripting (XSS) in Crow before 0.3+4 Inadequate Media Cache Clearance in Keybase Desktop Client MySQL Server Denial of Service Vulnerability Local File Disclosure Vulnerability in flatCore ACP Interface Stored XSS Vulnerability in flatCore ACP Interface Time-Based Blind SQL Injection in flatCore before 2.0.0 build 139 Reflected XSS Vulnerability in flatCore ACP Interface Vulnerability: Inverted Padding Check in OpenSSL 1.0.2 MySQL Server Denial of Service Vulnerability Vulnerability: Integer Overflow in EVP_CipherUpdate, EVP_EncryptUpdate, and EVP_DecryptUpdate Vulnerability: OpenSSL X509_issuer_and_serial_hash() NULL Pointer Dereference Blowfish Encryption Key Retrieval Vulnerability Bosch AMC2 Configuration Tool Password Bypass Vulnerability Session Hijacking Vulnerability in Configuration Web Page Clear Text Password Vulnerability in HTTP Protocol Bosch IP Cameras: Missing Authentication in Critical Function Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in Bosch IP Cameras CSRF Vulnerability in Web-Based Interface Allows Unauthorized Actions on Behalf of Users Vulnerability in Oracle MySQL Server: Unauthorized Access and Denial of Service Remote Code Execution and Crash Vulnerability in Camera Recovery Image Telnet Interface Remote Code Execution and Crash Vulnerability in Camera Recovery Image Web Interface Bosch IP Cameras: Denial of Service (DoS) Vulnerability Arbitrary HTTP Header Injection Vulnerability in Bosch IP Cameras Reflected Cross Site Scripting (XSS) Vulnerability in Bosch IP Cameras (Versions 7.7x and 7.6x) Unprotected Web Server Exposes User and Password Database with Weak Hashing Algorithm 
Reflected XSS Vulnerability in Web Server Allows for Script Execution via Manipulated URLs Hash-Based Login Vulnerability Unprotected Web Server Exposes Sensitive Configuration and Device Details Unauthenticated Remote Crash and Command Injection Vulnerability in Bosch VRM and BVMS Unauthorized Read Access Vulnerability in Primavera P6 Enterprise Project Portfolio Management Reflected Cross-Site Scripting (XSS) Vulnerability in VRM Web Interface Vulnerability: Unauthorized Access to Extended Debug Functionality on VRM Arbitrary Command Execution Vulnerability in Bosch Security Systems Bosch Video Security Android Application HTML Code Injection Vulnerability MySQL Server Denial of Service Vulnerability Privilege Escalation via Symbolic Link Manipulation in McAfee Total Protection (MTP) File Lock Component Junction Link Manipulation Privilege Escalation Vulnerability in McAfee Total Protection Arbitrary Process Execution Vulnerability in McAfee Total Protection (MTP) Prior to 16.0.30 Privilege Escalation and Arbitrary File Modification Vulnerability in McAfee Total Protection Privilege Escalation Vulnerability in McAfee Total Protection Trial Installer Clear Text Storage of Sensitive Information in Memory Vulnerability in McAfee Endpoint Security (ENS) for Windows Unquoted Service Path Vulnerability in McAfee Endpoint Product Removal (EPR) Tool Java SE and Oracle GraalVM Enterprise Edition Vulnerability: Unauthorized Takeover Unauthenticated Local Administrator Uninstallation Vulnerability in McAfee Endpoint Security Stored Cross Site Scripting Vulnerability in McAfee Endpoint Security (ENS) ePO Extension Improper Access Control Vulnerability in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 February 2021 Update Null Pointer Dereference Vulnerability in McAfee Endpoint Security (ENS) for Windows Cleartext Transmission of Sensitive Information in McAfee Content Security Reporter (CSR) ePO Extension Privilege Escalation Vulnerability in McAfee Web Gateway 
(MWG) Prior to 9.2.8 Denial of Service Vulnerability in McAfee DLP Endpoint for Windows: BSoD via Process Suspension and Memory Modification Privilege Escalation via Arbitrary Kernel Address Write in McAfee DLP Endpoint for Windows Unvalidated Client-Side URL Redirect Vulnerability in McAfee ePolicy Orchestrator (ePO) Arbitrary Web Script Injection Vulnerability in McAfee ePolicy Orchestrator (ePO) Unauthenticated Remote Denial of Service Vulnerability in MySQL Server Information Leakage Vulnerability in McAfee ePolicy Orchestrator (ePO) Agent Handler Privilege Escalation Vulnerability in McAfee Total Protection (MTP) Prior to 16.0.32 Privilege Escalation through TOCTOU Race Condition in ENSL TP/FW Installation Process Privilege Escalation via Unutilized Memory Buffer in McAfee Drive Encryption (DE) Remote Code Execution Vulnerability in McAfee Database Security (DBSec) Prior to 4.8.2 Remote Code Execution Vulnerability in McAfee Database Security (DBSec) Prior to 4.8.2 Cleartext Transmission of Sensitive Information in McAfee Database Security (DBSec) Administrator Interface Arbitrary HTML/XML Injection in OWASP json-sanitizer (before 1.2.2) Unauthenticated Remote Denial of Service Vulnerability in MySQL Server Denial of Service Vulnerability in OWASP json-sanitizer XML External Entity (XXE) Injection Vulnerability in Nutch DmozParser Remote Code Execution Vulnerability in Mercedes-Benz MBUX Infotainment System Remote Code Execution Vulnerability in Mercedes-Benz MBUX Infotainment System Type Confusion Vulnerability in Headunit NTG6 of MBUX Infotainment System on Mercedes-Benz Vehicles Remote Code Execution Vulnerability in HERMES 2.1 MBUX Infotainment System on Mercedes-Benz Vehicles Oracle BI Publisher Scheduler Vulnerability Out-of-Bounds Array Access Vulnerability in HERMES 2.1 MBUX Infotainment System Oracle BI Publisher Remote Code Execution Vulnerability Broken Access Control on Password List Entry Elements in Devolutions Server Cross-Site Scripting (XSS) 
Vulnerability in Devolutions Remote Desktop Manager Broken Authentication Vulnerability in Devolutions Server Sensitive Information Exposure in Devolutions Server Diagnostic Files Cross-Site Scripting (XSS) Vulnerability in Devolutions Server Document Entries XML Entity Expansion Vulnerability in XMLBeans up to v2.6.0 SSRF Vulnerability in OX App Suite 7.10.4 via URL with @ Character in PUT Request Cross-Site Scripting (XSS) Vulnerability in OX App Suite through 7.10.3 via ajax/apps/manifests Query String Cross-Site Scripting (XSS) Vulnerability in OX App Suite 7.10.4 Oracle E-Records E-Signatures Vulnerability Cross-Site Scripting (XSS) Vulnerability in OX App Suite through 7.10.4 via Conversion API for DistributedFile Inline Binary File XSS Vulnerability in OX App Suite through 7.10.4 Cross-Site Scripting (XSS) Vulnerability in OX App Suite through 7.10.4 via Crafted Filename Cross-Site Scripting (XSS) Vulnerability in OX App Suite through 7.10.4 via mail:// URL Cross-Site Scripting (XSS) Vulnerability in OX App Suite through 7.10.4 via Contact Name Cross-Site Scripting (XSS) Vulnerability in OX App Suite 7.10.4 via Appointment Location Field Cross-Site Scripting (XSS) Vulnerability in OX App Suite 7.10.4 via Task Subject Arbitrary DNS Lookup and Amplification Attack Vulnerability in Apache Wicket's WebClientInfo Oracle WebLogic Server Unauthenticated Takeover Vulnerability Vulnerability in Oracle Hospitality Reporting and Analytics: Unauthorized Data Access and Modification Cross-Origin Information Leakage in PDF Reader Type Confusion Vulnerability in JavaScript Switch Statement Pointer Lock State Confusion Vulnerability in Firefox < 85 Confusing File Picker Design in Firefox < 85 Allows Uploading Entire Directories Android `intent` URL scheme allows for iframe sandbox escape in Firefox for Android (Firefox < 85) Screen Sharing State Leakage Vulnerability in Firefox < 85 XSS Vulnerability in Firefox for Android: Spoofing Attacks on Internal Error Pages Oracle BI 
Publisher Product Takeover Vulnerability Garbage Collection Vulnerability in JavaScript Variables: Use-After-Poison and Potential Crash Exploit Slipstream Exploit: Firefox < 85 Vulnerability Exposes Internal Network and Local Services Use-After-Poison Vulnerability in Firefox < 85 WebRTC Geolocation Reset Vulnerability in Firefox < 85 Memory Corruption Vulnerabilities in Firefox 84 and Firefox ESR 78.6 Memory Corruption Vulnerabilities in Firefox 84 Frame Navigation Vulnerability in Firefox, Thunderbird, and Firefox ESR Improper Source File Handling in Firefox and Thunderbird Oracle WebLogic Server Remote Code Execution Vulnerability Context-Specific Code in Shared Jump Table Triggers Assertions in Multithreaded Wasm Code (Firefox < 86) Referrer-Policy Conflict in Firefox < 86 Allows Information Leakage HTTP Auth Phishing Vulnerability in Firefox < 86 Cross-Origin Resource Decoding Error Information Disclosure Vulnerability DOMParser API mXSS Bypass in Firefox < 86 Improper Use of sizeof Function in Firefox < 86 Arbitrary File Path Manifest Injection Vulnerability in Firefox for Android Time-of-Check-Time-of-Use Vulnerability in Firefox for Android Allows Unauthorized Access to Sensitive Data Memory Corruption Vulnerabilities in Firefox 85 and Firefox ESR 78.7 Memory Corruption Vulnerabilities in Firefox 85 Vulnerability in Oracle Advanced Outbound Telephony: Unauthorized Access and Data Manipulation Mutation XSS Vulnerability in bleach.clean() Function WebGL Texture Upload Vulnerability in Firefox and Thunderbird WebRTC-based Cross-Network Scanning Vulnerability CSS Rule Removal Vulnerability in Firefox < 87: Potential Memory Corruption and Exploitable Crash Popup Spoofing Vulnerability in Firefox ESR, Firefox, and Thunderbird Unnoticed Remote Monitoring and Network Traffic Exposure in Firefox < 87 Same-Origin Policy Bypass in Firefox Extension with Cross-Origin Favicon Reference Memory Corruption Vulnerabilities in Firefox 86 and Firefox ESR 78.8 Memory 
Corruption Vulnerabilities in Firefox 86 High Privilege Network Access Vulnerability in Oracle MySQL Server (CVE-2021-2380) Vulnerability: Invalid Subkey in Thunderbird's OpenPGP Key Handling OpenPGP Key User ID Spoofing Vulnerability in Thunderbird Denial of Service (DoS) Vulnerability in Thunderbird < 78.9.1 due to Invalid Subkey Self Signature WebGL Framebuffer Initialization Vulnerability in Firefox ESR, Thunderbird, and Firefox Arbitrary Code Execution Vulnerability in Firefox ESR, Thunderbird, and Firefox 3D CSS and Javascript Exploit: Viewport Spoofing Vulnerability in Firefox < 88 Use-After-Free Vulnerability in Firefox < 88 Allows Arbitrary Code Execution Inheriting Secure Lock Icon Vulnerability in Firefox ESR, Thunderbird, and Firefox Blob URL Privilege Escalation Vulnerability Oracle BI Publisher Unauthenticated Remote Code Execution Vulnerability Race Condition Vulnerability in Firefox < 88: User Interaction Misdirection Session History Manipulation in Firefox < 88 Arbitrary Command Injection via Encoded Newline Characters in FTP URLs Hard-coded Cryptographic Keys Vulnerability in FortiAuthenticator Versions Before 6.3.0 Improper Access Control Vulnerability in FortiManager: Unauthorized Access to SD-WAN Orchestrator Panel SQL Injection Vulnerabilities in FortiMail before 6.4.4 Arbitrary Command Execution Vulnerability in FortiWAN Web GUI (CWE-78) Oracle BI Publisher Unauthenticated Read Access Vulnerability Directory Traversal Vulnerability in FortiSandbox Privilege Escalation Vulnerability in FortiNAC Version Below 8.8.2: Abusing Sudo Privileges for Root Access LDAP User SSLVPN Certificate Trust Vulnerability Path Traversal Vulnerabilities in FortiMail Webmail: Unauthorized File Access XSS Vulnerability in FortiSandbox before 4.0.0 Command Injection Vulnerability in FortiMail Administrative Interface Arbitrary Command Execution via Crafted IPv4 Field in Fortinet FortiManager CSV Export Vulnerability Arbitrary Module Assignment Vulnerability in 
Fortinet FortiManager Buffer Underwrite Vulnerability in FortiOS Firmware Verification Routine Insufficient Session Expiration Vulnerability in FortiClientEMS Versions 6.4.2 and Below, 6.2.8 and Below MySQL Server Vulnerability: Unauthorized Hang and Crash Signature Verification Bypass in FortiMail 6.4.0 - 6.4.4 and 6.2.0 - 6.2.7 Stored Cross-Site Scripting (XSS) Vulnerability in FortiAnalyzer Logview Column Settings Buffer Overflow Vulnerability in FortiAnalyzer and FortiManager CLI Improper Input Validation in FortiAI v1.4.0 and Earlier Allows Authenticated User to Gain System Shell Access via Malicious Payload in diagnose Command Sensitive Information Exposure in FortiADCManager and FortiADC Integer Overflow and Heap Overflow in preg_quote function Out-of-Bounds Write Vulnerability in WhatsApp Audio Decoding Pipeline Cache Configuration Vulnerability in WhatsApp for Android and WhatsApp Business for Android Invalid Free Vulnerability in Facebook Thrift's Table-Based Serialization Packet of Death: Crash Vulnerability in mvfst and proxygen Oracle WebLogic Server Unauthenticated Read Access Vulnerability Code Execution Vulnerability in Facebook Gameroom's fbgames Protocol Handler Default File Permissions Vulnerability in Zstandard Command-Line Utility Incomplete Fix for CVE-2021-24031 Allows Momentary Unauthorized Access to Zstandard Output Files Command Injection Vulnerability in react-dev-utils prior to v11.0.4 Path Traversal Vulnerability in WhatsApp for Android and WhatsApp Business for Android Integer Overflow Vulnerability in IOBuf Creation Use After Free Vulnerability in Hermes Allows Arbitrary Code Execution via Crafted JavaScript Local Privilege Escalation Vulnerability in Oculus Desktop Versions 1.39 to 31.1.0.67.507 Vulnerability in Oracle PeopleSoft Enterprise HCM Candidate Gateway: Unauthorized Data Access and Manipulation Unsafe YAML Deserialization in ParlAI Prior to v1.1.0: Remote Code Execution Vulnerability Out-of-Bounds Write Vulnerability in 
WhatsApp for Android and WhatsApp Business for Android Out-of-Bounds Write Vulnerability in WhatsApp Calling Logic Out-of-Bounds Heap Read Vulnerability in WhatsApp Type Confusion Vulnerability in Hermes Prior to v0.10.0 Type Confusion Vulnerability in Facebook Hermes (prior to v0.10.0) Exploitable Logic Flaw in Ray-Ban® Stories Device Software Allows Unauthorized Parameter Modification Oracle Engineering Product Vulnerability: Unauthorized Data Access and Modification Vulnerability in Oracle Collaborative Planning User Interface Exploiting the Microsoft SharePoint Remote Code Execution Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Unauthenticated Unauthorized Read Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Unauthenticated Information Disclosure Vulnerability in Microsoft SharePoint SharePoint Server Remote Code Execution Vulnerability Skype for Business and Lync Spoofing Vulnerability: Impersonation Threats Critical Windows TCP/IP Remote Code Execution Vulnerability Discovered Windows VMSwitch Denial of Service Vulnerability Windows VMSwitch Information Disclosure Vulnerability Faxploit: Remote Code Execution Vulnerability in Windows Fax Service Critical Remote Code Execution Vulnerability in Windows DNS Server Windows Backup Engine Data Exposure Vulnerability Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Windows Trust Verification API Denial of Service Vulnerability Windows Codecs Library Remote Code Execution Vulnerability WDAC Security Feature Bypass Vulnerability in Microsoft.PowerShell.Utility Module Address Book Remote Code Execution Vulnerability in Windows Windows Mobile Device Management Data 
Exposure Vulnerability Microsoft Exchange Server Spoofing Vulnerability: Exploiting Email Authentication Windows TCP/IP Denial of Service Vulnerability: Disrupting Network Communication Azure IoT CLI Extension Privilege Escalation Vulnerability PrintNightmare: Windows Local Spooler Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions Oracle VM VirtualBox Prior to 6.1.24 Vulnerability: High Privileged Takeover Windows Error Reporting Privilege Escalation Vulnerability Windows Camera Codec Pack Remote Code Execution Vulnerability: A Critical Security Flaw Guardian Breached: Microsoft Defender Elevation of Privilege Vulnerability Exploiting the Windows Graphics Component for Remote Code Execution Critical Windows TCP/IP Remote Code Execution Vulnerability Discovered Unprivileged Access Exploit in DirectX Windows Kernel Privilege Escalation Vulnerability Windows Console Driver DoS Vulnerability Skype for Business and Lync Denial of Service Vulnerability: Disrupting Communication Channels MySQL Server Denial of Service Vulnerability Microsoft Edge for Android Information Leakage Vulnerability Microsoft Dataverse Data Exposure Vulnerability Windows Event Tracing Privilege Escalation Vulnerability Windows Event Tracing Privilege Escalation Vulnerability Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Vulnerability: Dependency Confusion - Remote Code Execution Windows DirectX Information Leakage Vulnerability Windows Event Tracing Data Exposure Vulnerability Exploiting the Microsoft Office Remote Code Execution Vulnerability Unauthenticated Elevation of Privilege Vulnerability in Microsoft Azure Kubernetes Service MySQL Cluster: Unauthenticated Remote Denial of Service Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions .NET Framework Denial of Service Vulnerability: Exploiting System Resource Exhaustion .NET Core Remote Code Execution: A Critical Vulnerability Edge 
(Chromium-based) Security Feature Bypass Vulnerability Microsoft Teams iOS Data Exposure Vulnerability Lack of Constant-Time Computations in Botan Decoding and Encoding Operations Side-Channel Vulnerability in wolfSSL PEM File Decoding Allows Secret RSA Key Extraction Side-Channel Vulnerability in Apache Teaclave Rust SGX SDK 1.1.3: Exposing Secret RSA Keys through Base64 PEM File Decoding Side-Channel Vulnerability in Trusted Firmware Mbed TLS 2.24.0 Allows Secret RSA Key Extraction via Controlled-Channel and Side-Channel Attacks MySQL Server Denial of Service Vulnerability JSP Source Code Disclosure Vulnerability in Apache Tomcat Arbitrary File Upload Vulnerability in PowerPress WordPress Plugin Unauthenticated Reflected XSS in WP Shieldon WordPress Plugin v1.6.3 and below SQL Injection Vulnerability in Contact Form Submissions WordPress Plugin Privilege Escalation through Unsanitized Image Metadata in Envira Gallery Lite WordPress Plugin Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in ThirstyAffiliates Affiliate Link Manager WordPress Plugin Cross-site scripting vulnerability in Team Members WordPress plugin (versions before 5.0.4) allows injection of arbitrary web script or HTML via member's 'Description/biography' field Stored Cross-Site Scripting (XSS) Vulnerability in Themify Portfolio Post WordPress Plugin SQL Injection Vulnerability in WP Google Map Plugin WordPress Plugin Authenticated SQL Injection Vulnerabilities in Anti-Spam by CleanTalk WordPress Plugin SQL Injection Vulnerability in The Slider by 10Web WordPress Plugin CSRF Vulnerability in ActiveCampaign WordPress Plugin Allows Unauthorized API Credential Changes Multiple Stored Cross-Site Scripting Vulnerabilities in Constant Contact Forms WordPress Plugin (Versions < 1.8.8) Stored Cross-Site Scripting Vulnerabilities in WP Customer Reviews WordPress Plugin Multiple Cross-Site Scripting Vulnerabilities in Testimonials Widget WordPress Plugin SQL Injection Vulnerability in 
Blog2Social WordPress Plugin (Versions < 6.3.1) Authenticated SQL Injection in AdRotate WordPress Plugin (Versions < 5.8.4) via id Parameter SQL Injection Vulnerability in 10Web Photo Gallery WordPress Plugin Vulnerability in Oracle Communications Session Border Controller: Unauthorized Access to Critical Data SQL Injection vulnerability in Ajax Load More WordPress Plugin (versions before 5.3.2) via unvalidated input in POST /wp-admin/admin-ajax.php SQL Injection Vulnerability in Advanced Database Cleaner Plugin (Versions < 3.0.2) Allows Admin+ Users to Perform Unauthorized SQL Attacks SQL Injection Vulnerability in Easy Redirect Manager WordPress Plugin SQL Injection Vulnerability in AccessPress Social Icons Plugin Arbitrary Formula Injection Vulnerability in Contact Form 7 Database Addon Plugin Arbitrary PHP File Upload in Modern Events Calendar Lite WordPress Plugin Unauthenticated Access to Event Data Export in Modern Events Calendar Lite WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Modern Events Calendar Lite WordPress Plugin Authentication Bypass Vulnerability in MStore API WordPress Plugin (Versions < 3.2.0) via Sign In With Apple Authenticated SQL Injection in Modern Events Calendar Lite WordPress Plugin Oracle Time and Labor Product Vulnerability: Unauthorized Access and Data Manipulation Unauthenticated Full-Read SSRF Vulnerability in LikeBtn WordPress Plugin Authenticated Blind SQL Injection Vulnerability in WP Editor WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Popup Builder's All Subscribers Setting Page Stored Cross-Site Scripting Vulnerability in Yoast SEO WordPress Plugin Arbitrary File Download Vulnerability in Theme Editor WordPress Plugin Arbitrary File Upload and Remote Code Execution Vulnerability in Backup Guard WordPress Plugin Stored Cross-Site Scripting Vulnerability in Testimonial Rotator 3.0.3 Allows Privilege Escalation Unfiltered HTML Capability Bypass in Orbit Fox by ThemeIsle Hidden User Role 
Parameter Vulnerability in Orbit Fox by ThemeIsle Cross-Site Scripting (XSS) Vulnerability in Contact Form 7 Style WordPress Plugin Oracle Communications Session Border Controller Denial of Service Vulnerability Remote Code Execution Vulnerability in Responsive Menu WordPress Plugin Remote Code Execution Vulnerability in Responsive Menu WordPress Plugin Vulnerability in Responsive Menu WordPress Plugins Allows Injection of Malicious JavaScript Unauthenticated User Installation and Client Secret Retrieval Vulnerability in SendWP Ninja Forms Contact Form Plugin Unauthorized Access to OAuth Connection Information in Ninja Forms Contact Form WordPress Plugin Open Redirect Vulnerability in Ninja Forms Contact Form WordPress Plugin Vulnerability: Lack of Nonce Protection in wp_ajax_nf_oauth_disconnect Endpoint XMLHttpRequest Vulnerability in Web-Stat < 1.4.0 Allows Unauthorized Access Stored Cross-Site Scripting Vulnerability in Easy Contact Form Pro WordPress Plugin Reflected XSS Vulnerability in Advanced Order Export For WooCommerce WordPress Plugin Vulnerability in Oracle MySQL Server: Unauthorized Access and Denial of Service Information Leakage in User Profile Picture WordPress Plugin Double Extension Attack and Path Traversal Vulnerability in WooCommerce Upload Files WordPress Plugin Vulnerability: Lack of CSRF Checks in VM Backups WordPress Plugin CSRF Vulnerability in VM Backups WordPress Plugin Allows Stored Cross-Site Scripting CSRF Vulnerability in Database Backups WordPress Plugin Vulnerability: Authentication Bypass and Arbitrary Account Creation in Plus Addons for Elementor Page Builder WordPress Plugin Arbitrary JavaScript Code Execution in JH 404 Logger WordPress Plugin Reflected XSS Vulnerability in File Manager WordPress Plugin Cross-Site Request Forgery and Stored Cross-Site Scripting Vulnerabilities in Business Directory Plugin Cross-Site Request Forgery and Remote Code Execution Vulnerability in Business Directory Plugin for WordPress MySQL Server 
Denial of Service Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in Related Posts for WordPress Plugin Blind and Time-Based SQL Injection Vulnerability in Tutor LMS Plugin Vulnerability: UNION-based SQL Injection in Tutor LMS Plugin Vulnerability: UNION-based SQL Injection in Tutor LMS Plugin Unprotected AJAX Endpoints in Tutor LMS Plugin Allow Unauthorized Course Modifications and Privilege Escalation Blind and Time-Based SQL Injection Vulnerability in Tutor LMS Plugin UNION Based SQL Injection Vulnerability in Tutor LMS Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in SEO Redirection Plugin - 301 Redirect Manager WordPress Plugin Arbitrary Plugin Installation and Activation Vulnerability in WP Content Copy Protection & No Right Click WordPress Plugin Arbitrary Plugin Installation and Activation Vulnerability in Captchinoo WordPress Plugin Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Arbitrary Plugin Installation and Activation Vulnerability in WooCommerce Conditional Marketing Mailer WordPress Plugin Arbitrary Plugin Installation and Activation Vulnerability in WP Maintenance Mode & Site Under Construction WordPress Plugin Arbitrary Plugin Installation and Activation Vulnerability in Tree Sitemap WordPress Plugin Arbitrary Plugin Installation and Activation Vulnerability in Visitor Traffic Real Time Statistics WordPress Plugin Arbitrary Plugin Installation and Activation Vulnerability in Login Protection - Limit Failed Login Attempts WordPress Plugin Arbitrary Plugin Installation and Activation Vulnerability in Login as User or Customer WordPress Plugin Authenticated Reflected XSS in Social Slider Widget WordPress Plugin (<=1.8.5) via Unsanitized 'token_error' Parameter Improper Access Control in wpDataTables Plugin Allows Unauthorized Data Access Improper Access Control in wpDataTables Plugin Allows Unauthorized Data Deletion Boolean-based Blind SQL Injection in wpDataTables Plugin Vulnerability in 
Oracle Outside In Technology: Denial of Service (DoS) Exploit Boolean-based Blind SQL Injection in wpDataTables Plugin Unfiltered JavaScript Execution in Elementor Website Builder WordPress Plugin Arbitrary JavaScript Execution in Elementor Website Builder WordPress Plugin Arbitrary JavaScript Execution in Elementor Website Builder WordPress Plugin Unfiltered JavaScript Execution in Elementor Accordion Widget Unfiltered JavaScript Execution in Elementor Website Builder Plugin Unfiltered JavaScript Execution in Elementor Image Box Widget Vulnerability: Unauthorized Post and Page Editing by Subscriber-Level Users in WP Page Builder Plugin Unfiltered HTML and JavaScript Injection Vulnerability in WP Page Builder WordPress Plugin Authenticated Remote Code Execution (RCE) Vulnerability in WP Super Cache Plugin Critical Data Access Vulnerability in Oracle PeopleSoft Enterprise CS Campus Community Open Redirect Vulnerability in PhastPress WordPress Plugin Authenticated Stored XSS Vulnerability in WordPress Related Posts Plugin Unauthenticated File Upload Vulnerability in WooCommerce Help Scout WordPress Plugin Reflected Cross-Site Scripting Vulnerability in GiveWP Donation Plugin Reflected Cross-Site Scripting in OpenID Connect Generic Client WordPress Plugin 3.8.0 and 3.8.1 Improper Access Control in Controlled Admin Access WordPress Plugin Unrestricted File Upload Vulnerability in All-in-One WP Migration WordPress Plugin Object Injection and Remote Code Execution Vulnerability in Facebook for WordPress Plugin CSRF and Script Injection Vulnerability in Facebook for WordPress Plugin Arbitrary Data Injection Vulnerability in Thrive Themes WordPress Plugins and Themes MySQL Server Denial of Service Vulnerability Remote Code Execution via Image Compression Endpoint in Thrive Themes WordPress Themes SQL Injection in Quiz And Survey Master WordPress Plugin Arbitrary File Upload Vulnerability in WP-Curriculo Vitae Free WordPress Plugin Arbitrary File Upload Vulnerability in N5 
Upload Form WordPress Plugin Arbitrary File Upload Vulnerability in Easy Form Builder WordPress Plugin Reflected XSS Vulnerability in Advanced Booking Calendar WordPress Plugin Information Leakage in AccessAlly WordPress Plugin Local File Disclosure Vulnerability in Patreon WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Patreon WordPress Plugin Reflected Cross-Site Scripting in Patreon WordPress Plugin (<= 1.7.2) via patreon_save_attachment_patreon_level AJAX Action Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Cross-Site Request Forgery Vulnerability in Patreon WordPress Plugin (Versions before 1.7.0) Cross-Site Request Forgery Vulnerability in Patreon WordPress Plugin (Versions before 1.7.0) Authenticated Reflected Cross-Site Scripting in Advanced Booking Calendar WordPress Plugin Unauthenticated Reflected Cross-Site Scripting Vulnerability in Cooked Pro WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Ivory Search WordPress Plugin (<= 4.6.1) Unauthenticated Reflected Cross-Site Scripting in Goto WordPress Theme Arbitrary File Upload and Remote Code Execution (RCE) in Imagements WordPress Plugin Unauthenticated Reflected Cross-Site Scripting in Realteo WordPress Plugin Arbitrary Property Deletion Vulnerability in Realteo WordPress Plugin Reflected Cross-Site Scripting in Pie Register WordPress Plugin MySQL Server Stored Procedure Denial of Service Vulnerability Arbitrary File Upload and Remote Code Execution in Business Hours Pro WordPress Plugin Reflected Cross-Site Scripting in Advanced Custom Fields Pro WordPress Plugin Local File Inclusion Vulnerability in Tutor LMS WordPress Plugin (<=1.8.8) Unsanitized AJAX Action in WPBakery Page Builder Clipboard Plugin Allows XSS Attacks Unauthenticated Privilege Escalation in WPBakery Page Builder (Visual Composer) Clipboard WordPress Plugin Reflected Cross-Site Scripting in Stop Spammers WordPress Plugin Stored Cross-Site Scripting and Cross-Frame 
Scripting Vulnerability in Workscout Core WordPress Plugin Privilege Escalation via XSS in Contact Form Check Tester WordPress Plugin Remote Code Execution (RCE) Vulnerability in Business Directory Plugin for WordPress Cross-Site Request Forgery Vulnerability in Business Directory Plugin for WordPress MySQL Server Denial of Service Vulnerability Authenticated Stored Cross-Site Scripting Vulnerability in Business Directory Plugin for WordPress Cross-Site Request Forgery Vulnerability in Business Directory Plugin for WordPress Arbitrary File Upload and Remote Code Execution Vulnerability in Event Banner WordPress Plugin Arbitrary PHP File Upload Vulnerability in Classyfrieds WordPress Plugin Arbitrary File Upload and Remote Code Execution Vulnerability in College Publisher Import WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Essential Addons for Elementor Lite WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Elementor – Header, Footer & Blocks Template WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Premium Addons for Elementor WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Elements Kit Lite and Elements Kit Pro WordPress Plugins Stored Cross-Site Scripting (XSS) Vulnerability in Elementor Addon Elements WordPress Plugin MySQL Server Denial of Service Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Livemesh Addons for Elementor WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in HT Mega WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in WooLentor – WooCommerce Elementor Addons + Builder WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Elementor Addons – PowerPack Addons for Elementor WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Image Hover Effects – Elementor Addon WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Rife Elementor Extensions & Templates WordPress Plugin Stored 
Cross-Site Scripting (XSS) Vulnerability in The Plus Addons for Elementor Page Builder Lite WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in All-in-One Addons for Elementor – WidgetKit WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in JetWidgets For Elementor WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Sina Extension for Elementor WordPress Plugin MySQL Server Denial of Service Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in DeTheme Kit for Elementor WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Ultimate Addons for Elementor WordPress Plugin CSRF and Stored XSS Vulnerability in Fitness Calculators WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Clever Addons for Elementor WordPress Plugin Reflected Cross-Site Scripting in Ultimate Maps by Supsystic WordPress Plugin Reflected Cross-Site Scripting in Popup by Supsystic WordPress Plugin Reflected Cross-Site Scripting in Contact Form by Supsystic WordPress Plugin Authenticated Stored Cross-Site Scripting Vulnerability in Yandex Turbo WordPress Plugin Unauthenticated Access to Valid Nonces in Contact Form 7 WordPress Plugin Arbitrary Plugin Installation Vulnerability in Redirection for Contact Form 7 WordPress Plugin Oracle Coherence Unauthenticated Network Access Vulnerability Arbitrary PHP Object Injection in Redirection for Contact Form 7 WordPress Plugin Arbitrary Post Deletion Vulnerability in Contact Form 7 WordPress Plugin Vulnerability: Privilege Escalation in Redirection for Contact Form 7 WordPress Plugin Reflected XSS Vulnerability in Settings Page's tab GET Parameter Unauthenticated Arbitrary File Upload Vulnerability in Kaswara Modern VC Addons WordPress Plugin SQL Injection in Car Seller - Auto Classifieds Script WordPress Plugin Reflected Cross-Site Scripting in Redirect 404 to Parent WordPress Plugin Reflected Cross-Site Scripting in Select All Categories and Taxonomies WordPress Plugin 
(<=1.3.2) Unsanitized 'Redirect' Parameter in AcyMailing Subscription Vulnerability Privilege Escalation Vulnerability in Store Locator Plus for WordPress Plugin Unauthenticated Remote Denial of Service Vulnerability in Oracle MySQL Server Unauthenticated JavaScript Injection Vulnerability in Store Locator Plus for WordPress Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in Photo Gallery by 10Web WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Happy Addons for Elementor WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in NextGEN Gallery Pro WordPress Plugin Unsanitized POST Parameters in DSGVO All in one for WP Plugin Allows XSS Attack and Unauthorized Account Creation Unauthenticated Time-Based Blind SQL Injection in CleanTalk WordPress Plugin XSS Vulnerability in WP Customer Reviews WordPress Plugin Unauthenticated Reflected XSS Vulnerability in Goto WordPress Theme Reflected XSS Vulnerability in Giveaway Page GET Parameters Unauthenticated XSS Vulnerability in ReDi Restaurant Reservation WordPress Plugin Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Reflected Cross-Site Scripting in PickPlugins Product Slider for WooCommerce WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Hotjar Connecticator WordPress Plugin Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in Hana Flv Player WordPress Plugin SQL Injection Vulnerability in JiangQie Official Website Mini Program WordPress Plugin Unauthenticated Reflected Cross-site Scripting (XSS) vulnerability in Newsmag WordPress theme before 5.0 Critical Unauthenticated Stored XSS Vulnerability in Target First WordPress Plugin v2.0 Authenticated Reflected Cross-Site Scripting in The Ultimate Member WordPress Plugin Arbitrary Code Execution via Unserialized .ini File in All in One SEO Plugin Stored Cross-Site Scripting Vulnerability in LifterLMS Plugin Stored XSS Vulnerability in Weekly Schedule WordPress Plugin 
Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Cross-Site Scripting (XSS) Vulnerability in Photo Gallery by 10Web Plugin Arbitrary File Upload Vulnerability in External Media WordPress Plugin RCE Vulnerability in WP Super Cache WordPress Plugin (CVE-2021-24209) Cross-Site Scripting (XSS) Vulnerability in WP Prayer WordPress Plugin Unauthenticated SQL Injection Vulnerability in Goto WordPress Theme Stored XSS Vulnerability in GiveWP WordPress Plugin Cross-Site Scripting Vulnerability in Mediumish WordPress Theme (1.0.47) Search Feature Cross-Site Scripting Vulnerabilities in Listeo WordPress Theme Arbitrary Deletion of Pages, Posts, and Bookings in Listeo WordPress Theme Cross-Site Scripting Vulnerability in Bello - Directory & Listing WordPress Theme Java SE JNDI Vulnerability Allows Unauthorized Partial Denial of Service Reflected Cross-Site Scripting Vulnerability in Bello - Directory & Listing WordPress Theme SQL Injection Vulnerability in Bello - Directory & Listing WordPress Theme before 1.6.0 Stored Cross-Site Scripting Vulnerability in Database Backup for WordPress Plugin XSS Vulnerability in 'Additional Tax Classes' Field Allows Admin-Level Privilege Users to Bypass Unfiltered_HTML Restrictions CSRF and XSS Vulnerabilities in 404 SEO Redirection WordPress Plugin Reflected XSS Vulnerability in 404 SEO Redirection WordPress Plugin Authenticated Reflected XSS Vulnerability in All 404 Redirect to Homepage WordPress Plugin Unsanitized Input in SEO Redirection Plugin Allows XSS Payload Injection Vulnerability: WP Login Security and History WordPress Plugin CSRF and XSS Exploit Stored Cross-Site Scripting Vulnerability in WP Super Cache WordPress Plugin Essbase Analytic Provider Services Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Funnel Builder by CartFlows WordPress Plugin Unsanitized Settings in Smooth Scroll Page Up/Down Buttons WordPress Plugin Allows XSS Payload Injection Stored Cross-Site 
Scripting Vulnerability in Autoptimize WordPress Plugin (Versions before 2.8.4) CSRF and XSS Vulnerability in Content Copy Protection & Prevent Image Save WordPress Plugin Stored Cross-Site Scripting Vulnerability in Instant Images WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Car Repair Services & Auto Mechanic WordPress Theme SQL Injection Vulnerability in FlightLog WordPress Plugin SQL Injection Vulnerability in Video Embed WordPress Plugin 1.0 Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in Pods WordPress Plugin Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in Pods WordPress Plugin Vulnerability in Oracle Web Applications Desktop Integrator: Unauthorized Data Access and Modification Unauthenticated Access and SQL Injection Vulnerability in WP Statistics WordPress Plugin SQL Injection Vulnerability in Xllentech English Islamic Calendar WordPress Plugin Reflected Cross-Site Scripting (XSS) in JNews WordPress Theme before 8.0.6 Authenticated Stored Cross-Site Scripting in iFlyChat WordPress Plugin Stored Cross-Site Scripting Vulnerability in Easy Preloader WordPress Plugin Blind SQL Injection Vulnerability in Sendit WP Newsletter WordPress Plugin Reflected XSS Vulnerability in Stock in & out WordPress Plugin Case Insensitive File Extension Check Vulnerability SQL Injection Vulnerability in Side Menu – add fixed side buttons WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Gallery from files WordPress Plugin Vulnerability in Oracle Essbase: Unauthorized Access and Data Manipulation Unauthenticated Stored XSS Vulnerability in Visitors WordPress Plugin Reflected Cross-Site Scripting Vulnerability in The Plus Addons for Elementor Page Builder WordPress Plugin Unauthenticated Export Vulnerability in Simple 301 Redirects by BetterLinks WordPress Plugin Unauthenticated Users Can Exploit Import Vulnerability in Simple 301 Redirects Plugin Arbitrary Plugin Installation Vulnerability in Simple 301 Redirects 
by BetterLinks WordPress Plugin Vulnerability: Unauthenticated Access to Wildcard Redirects in Simple 301 Redirects Plugin Arbitrary Plugin Activation Vulnerability in Simple 301 Redirects by BetterLinks WordPress Plugin Stored Cross-Site Scripting in FooGallery WordPress Plugin (<=2.0.35) Open Redirect Vulnerability in Plus Addons for Elementor Page Builder WordPress Plugin Arbitrary Password Reset and Account Takeover Vulnerability in Plus Addons for Elementor Page Builder WordPress Plugin Oracle Common Applications Vulnerability: Unauthorized Access and Data Compromise Blind SQL Injection Vulnerability in Yes/No Chart WordPress Plugin Unauthenticated SQL Injection in Location Manager WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Photo Gallery by 10Web Plugin Path Traversal Vulnerability in Photo Gallery by 10Web WordPress Plugin Reflected Cross-Site Scripting (XSS) vulnerability in Jannah WordPress theme before 5.4.4 Unescaped Content Vulnerability in Admin Columns WordPress Plugin Stored Cross-Site Scripting Vulnerability in Admin Columns WordPress Plugin Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in WP Config File Editor WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Quiz And Survey Master WordPress Plugin Stored Cross-Site Scripting Vulnerability in GetPaid WordPress Plugin MySQL Server Denial of Service Vulnerability Arbitrary File Upload Vulnerability in Fancy Product Designer WordPress Plugin (CVE-2021-12345) Unvalidated URL Input in RSVPMaker WordPress Plugin Allows SSRF Attack Reflected Cross-Site Scripting Vulnerability in WP Hardening WordPress Plugin Reflected Cross-Site Scripting in WP Hardening WordPress Plugin (before 1.2.2) Jetpack Carousel Module in WordPress Plugin Allows Leakage of Non-Published Page/Post Comments Arbitrary File Access and Remote Code Execution in Motor WordPress Theme Remote Code Execution Vulnerability in Autoptimize WordPress Plugin Race Condition Vulnerability in 
Autoptimize WordPress Plugin (CVE-2020-24948 Bypass) Unrestricted File Upload Vulnerability in Autoptimize WordPress Plugin Unrestricted Like/Dislike Exploit in Comments Like Dislike WordPress Plugin Java VM Denial of Service Vulnerability in Oracle Database Server CSRF Vulnerability in Shantz WordPress QOTD Plugin Cross-Site Scripting (XSS) Vulnerability in Ninja Forms Contact Form WordPress Plugin Stored Cross-Site Scripting Vulnerability in Smart Slider 3 WordPress Plugin Authenticated Stored Cross-Site Scripting in WP Google Maps WordPress Plugin JoomSport WordPress Plugin Unauthenticated PHP Object Injection Vulnerability SQL Injection Vulnerability in Filebird Plugin 4.7.3 Unsanitized SVG File Upload Vulnerability in WP SVG Images WordPress Plugin Reflected Cross-Site Scripting Vulnerability in WP Pro Real Estate 7 WordPress Theme Stored Cross-Site Scripting Vulnerability in VikRentCar Car Rental Management System WordPress Plugin Unauthenticated Reflected XSS Vulnerability in WP Foodbakery WordPress Plugin Oracle Hyperion BI+ Unauthenticated Read Access Vulnerability SQL Injection Vulnerability in WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 Plugin SQL Injection Vulnerability in Cashtomer WordPress Plugin (Version 1.0.0) SQL Injection Vulnerability in WordPress Membership SwiftCloud.io Plugin SQL Injection Vulnerability in Comment Highlighter WordPress Plugin SQL Injection Vulnerability in Easy Testimonial Manager WordPress Plugin SQL Injection Vulnerability in Embed Youtube Video WordPress Plugin SQL Injection Vulnerability in GSEOR – WordPress SEO Plugin WordPress Plugin SQL Injection Vulnerability in MicroCopy WordPress Plugin Time-based SQL Injection in Responsive 3D Slider WordPress Plugin SQL Injection Vulnerability in The Sorter WordPress Plugin MySQL Server Denial of Service Vulnerability SQL Injection Vulnerability in Display Users WordPress Plugin SQL Injection Vulnerability in WP Domain Redirect WordPress Plugin SQL Injection Vulnerability in WP 
iCommerce Plugin Allows Low Privilege Users to Manipulate Orders SQL Injection Vulnerability in WordPress Page Contact Plugin Time-Based SQL Injection Vulnerability in WP-Board WordPress Plugin Vulnerability: Easy Cookies Policy WordPress Plugin CSRF and Stored XSS Open Redirect Vulnerability in wpForo Forum WordPress Plugin Reflected Cross-site Scripting (XSS) vulnerability in Jannah WordPress theme before 5.4.5 Unsanitized Shortcode Parameters in Prismatic WordPress Plugin Allow Cross-Site Scripting (XSS) Attacks Reflected Cross-Site Scripting in Prismatic WordPress Plugin MySQL Server Denial of Service Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in తెలుగు బైబిల్ వచనములు WordPress Plugin Stored Cross-Site Scripting Vulnerability in Social Tape WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Html5 Audio Player Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Easy Twitter Feed WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Video Player for YouTube WordPress Plugin Cross-Site Scripting Vulnerability in Polo Video Gallery WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in StreamCast – Radio Player for WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Smooth Scroll Page Up/Down Buttons WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP YouTube Lyte WordPress Plugin Oracle VM VirtualBox Prior to 6.1.24 Denial of Service Vulnerability Stored Cross-Site Scripting Vulnerability in Request a Quote WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP JobSearch WordPress Plugin Stored Cross-Site Scripting Vulnerability in UpdraftPlus WordPress Backup Plugin Authenticated Stored Cross-Site Scripting in WP Reset Plugin Stored Cross-Site Scripting Vulnerability in myStickymenu WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Backup by 10Web Plugin Authenticated Stored Cross-Site Scripting in W3 Total Cache WordPress Plugin Authenticated Stored Cross-Site 
Scripting Vulnerability in Yandex Turbo WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Salon Booking System WordPress Plugin Oracle VM VirtualBox Prior to 6.1.24 Multiple Vulnerabilities Unvalidated Input in Speed Booster Pack Plugin Leads to Remote Code Execution (RCE) Vulnerability Cross-Site Scripting Vulnerability in Language Bar Flags WordPress Plugin Reflected Cross-Site Scripting in Advanced AJAX Product Filters WordPress Plugin Stored Cross-Site Scripting Vulnerability in Simple Sort&Search WordPress Plugin Stored Cross-Site Scripting and CSRF Vulnerability in Glass WordPress Plugin Reflected Cross-Site Scripting in titan-framework's iframe-font-preview.php file Reflected Cross-Site Scripting (XSS) Vulnerability in W3 Total Cache WordPress Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in RealFaviconGenerator WordPress Plugin Reflected Cross-Site Scripting in ShareThis Dashboard for Google Analytics WordPress Plugin Stored Cross-Site Scripting Vulnerability in Browser Screenshots WordPress Plugin MySQL Server Denial of Service Vulnerability Stored Cross-Site Scripting Vulnerability in Sign-up Sheets WordPress Plugin CSV Injection Vulnerability in Sign-up Sheets WordPress Plugin SQL Injection Vulnerability in Poll, Survey, Questionnaire and Voting System WordPress Plugin (<=1.5.3) Cross-Site Scripting (XSS) Vulnerability in Youzify – BuddyPress Community Plugin Authenticated Stored Cross-Site Scripting in TaxoPress WordPress Plugin Authenticated Stored Cross-Site Scripting in My Site Audit WordPress Plugin Vulnerability: Cross-Site Request Forgery (CSRF) and Stored XSS in Remove Footer Credit WordPress Plugin Local File Inclusion Vulnerability in WP Image Zoom WordPress Plugin Authenticated Stored Cross-Site Scripting in Profile Builder WordPress Plugin Vulnerability in Oracle Hyperion Infrastructure Technology: Unauthorized Data Access and Modification Authenticated Stored Cross-Site Scripting in ProfilePress WordPress Plugin 
Authenticated SQL Injection in Export Users With Meta WordPress Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in W3 Total Cache WordPress Plugin Path Traversal and Local File Inclusion Vulnerability in Include Me WordPress Plugin: Risk of Remote Code Execution and System Compromise Stored Cross-Site Scripting Vulnerability in YOP Poll WordPress Plugin Stored Cross-Site Scripting Vulnerability in Tutor LMS WordPress Plugin (<=1.9.2) SQL Injection Vulnerability in Quiz Maker WordPress Plugin SQL Injection Vulnerability in Portfolio Responsive Gallery WordPress Plugin SQL Injection Vulnerability in Popup Box WordPress Plugin SQL Injection Vulnerability in Survey Maker WordPress Plugin Oracle Secure Global Desktop Vulnerability: Unauthorized Takeover of System SQL Injection Vulnerability in Popup Like box – Page Plugin WordPress Plugin SQL Injection Vulnerability in FAQ Builder AYS WordPress Plugin SQL Injection Vulnerability in Photo Gallery by Ays WordPress Plugin (<= 4.4.4) SQL Injection Vulnerability in Image Slider by Ays- Responsive Slider and Carousel WordPress Plugin Authenticated Stored Cross-Site Scripting in YouTube Embed, Playlist and Popup WordPress Plugin Authenticated SQL Injection and Object Deserialization Vulnerability in Meow Gallery WordPress Plugin CSRF and Stored XSS Vulnerabilities in Verse-O-Matic WordPress Plugin CSRF Vulnerability in Leaflet Map WordPress Plugin Allows for Cross-Site Scripting Attacks Stored XSS Vulnerability in Leaflet Map WordPress Plugin Oracle Secure Global Desktop Vulnerability: Unauthorized Takeover of System Stored Cross-Site Scripting in Yada Wiki WordPress Plugin (before 3.4.1) Unvalidated Shortcode Attributes in YouTube Embed WordPress Plugin Leading to Stored XSS Vulnerabilities Proxy Functionality Exposes SSRF and RFI Vulnerabilities in OnAir2 WordPress Theme and QT KenthaRadio WordPress Plugin IDOR Vulnerability in User Profile Picture WordPress Plugin Unauthenticated Reflected XSS Vulnerability in 
Awesome Weather Widget WordPress Plugin Authenticated Stored Cross-Site Scripting in Steam Group Viewer WordPress Plugin Stored Cross-Site Scripting and CSRF Vulnerabilities in Migrate Users WordPress Plugin Authenticated Stored Cross-Site Scripting in Bookshelf WordPress Plugin Authenticated Stored Cross-Site Scripting in DrawBlog WordPress Plugin Oracle Financial Services Crime and Compliance Investigation Hub Reports Unauthorized Data Access Vulnerability Stored Cross-Site Scripting in Event Geek WordPress Plugin Authenticated Stored XSS Vulnerability in Any Hostname WordPress Plugin Stored Cross-Site Scripting Vulnerability in Related Posts for WordPress Plugin SQL Injection Vulnerability in Poll Maker WordPress Plugin SQL Injection Vulnerability in Secure Copy Content Protection and Content Locking WordPress Plugin Cross-Site Scripting Vulnerability in Special Text Boxes WordPress Plugin Stored Cross-Site Scripting Vulnerability in Simple Social Media Share Buttons WordPress Plugin Stored Cross-Site Scripting in St-Daily-Tip WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Post Grid WordPress Plugin Authenticated Stored Cross-Site Scripting Vulnerability in Request a Quote WordPress Plugin Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Arbitrary File Upload and CSRF Vulnerability in Email Artillery WordPress Plugin CSRF Vulnerability in Fileviewer WordPress Plugin Allows Arbitrary File Upload and Deletion SQL Injection Vulnerability in Handsome Testimonials & Reviews WordPress Plugin Unauthenticated File Upload Vulnerability in Shopp WordPress Plugin Allows Remote Code Execution Stored Cross-Site Scripting Vulnerability in WP Offload SES Lite WordPress Plugin Reflected Cross-Site Scripting in Marmoset Viewer WordPress Plugin Reflected Cross-Site Scripting in Community Events WordPress Plugin SQL Injection Vulnerability in Giveaway WordPress Plugin Reflected Cross-Site Scripting in Calendar Event Multi View 
WordPress Plugin Arbitrary File Upload Vulnerability in Workreap WordPress Theme Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit CSRF and Insecure Direct Object Reference Vulnerabilities in Workreap WordPress Theme Unauthenticated User Object Modification and Deletion Vulnerability in Workreap WordPress Theme Stored Cross-Site Scripting Vulnerability in WP Google Map WordPress Plugin Unsanitized Shortcode Parameters in Simple Icons WordPress Plugin Allow for Cross-Site Scripting (XSS) Vulnerability Cross-Site Scripting (XSS) Vulnerability in WP LMS – Best WordPress LMS Plugin Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in Forms WordPress Plugin SQL Injection Vulnerability in Slider Hero WordPress Plugin SQL Injection Vulnerability in Astra Pro Addon WordPress Plugin (<= 3.5.2) Unauthenticated Stored Cross-Site Scripting in Smash Balloon Social Post Feed WordPress Plugin Stored XSS Vulnerability in Page View Count WordPress Plugin Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Reflected Cross-Site Scripting in MF Gig Calendar WordPress Plugin SQL Injection in WooCommerce WordPress Plugin's fetch_product_ajax Functionality Authenticated Reflected XSS Vulnerability in Video Posts Webcam Recorder WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in The Form Builder WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Visual Form Builder WordPress Plugin Stored Cross-Site Scripting in Video Gallery WordPress Plugin (<=1.1.5) Authenticated Stored Cross-Site Scripting in PlanSo Forms WordPress Plugin Unfiltered HTML Capability Bypass in Stop Spammers Security Plugin Authenticated Stored Cross-Site Scripting in WPFront Notification Bar WordPress Plugin Authenticated Stored Cross-Site Scripting in VikRentCar Car Rental Management System WordPress Plugin Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit SQL Injection Vulnerability in Stock in & out 
WordPress Plugin SQL Injection Vulnerability in Side Menu Lite WordPress Plugin XSS Vulnerability in ProfilePress WordPress Plugin (Formerly WP User Avatar) Allows for wp-admin Access Authenticated Stored Cross-Site Scripting Vulnerability in Daily Prayer Time WordPress Plugin Cross-Site Scripting Vulnerability in GiveWP Donation Plugin Stored XSS Vulnerability in Shortcodes Ultimate WordPress Plugin Authenticated Stored Cross-Site Scripting in Form Maker WordPress Plugin Vulnerability: User Registration & User Profile Plugin Allows Unauthorized Password Reset for Admin Stored Cross-Site Scripting (XSS) Vulnerability in FluentSMTP WordPress Plugin Authenticated Stored Cross-Site Scripting in The Grid Gallery WordPress Plugin Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Cross-Site Scripting Vulnerability in Alojapro Widget WordPress Plugin Authenticated Stored Cross-Site Scripting Vulnerability in The Charitable – Donation Plugin WordPress Plugin Cross-Site Scripting Vulnerability in Maintenance WordPress Plugin 4.03 Stored Cross-Site Scripting in PhoneTrack Meu Site Manager WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Light Messages WordPress Plugin Stored Cross-Site Scripting Vulnerability in Custom Login Redirect WordPress Plugin Arbitrary PHP Code Execution Vulnerability in Similar Posts WordPress Plugin Authenticated Stored XSS Vulnerability in Current Book WordPress Plugin Authenticated Stored Cross-Site Scripting in Coming Soon Plugin Oracle VM VirtualBox Prior to 6.1.24 Vulnerability: Takeover of Oracle VM VirtualBox Stored XSS Vulnerability in Wonder Video Embed WordPress Plugin Stored XSS Vulnerability in Wonder PDF Embed WordPress Plugin Stored Cross-Site Scripting in jQuery Reply to Comment WordPress Plugin Unsanitized Slider Options in Responsive WordPress Slider Plugin Allow Cross-Site Scripting and Privilege Escalation Cross-Site Scripting (XSS) Vulnerability in WP HTML Author Bio WordPress Plugin 
Arbitrary PHP Code Execution in Gutenberg Block Editor Toolkit – EditorsKit WordPress Plugin (CVE-2021-12345) Authenticated Stored XSS Vulnerability in KN Fix Your Title WordPress Plugin Authenticated Stored Cross-Site Scripting (XSS) in Mimetic Books WordPress Plugin Path Traversal Vulnerability in AceIDE WordPress Plugin Critical Vulnerability in Oracle PeopleSoft Enterprise HCM Shared Components (Person Search) Authenticated SQL Injection in Broken Link Manager WordPress Plugin SQL Injection Vulnerability in Edit Comments WordPress Plugin Authenticated SQL Injection in Simple Events Calendar WordPress Plugin Authenticated SQL Injection Vulnerability in Timeline Calendar WordPress Plugin Authenticated SQL Injection in Paytm – Donation Plugin WordPress Plugin SQL Injection and Lack of CSRF Protection in daac_delete_booking_callback Function Stored XSS Vulnerability in Email Subscriber WordPress Plugin SQL Injection Vulnerability in rslider_page's Update Functionality Reflected XSS Vulnerability in Project Status WordPress Plugin Stored Cross-Site Scripting in Qyrr WordPress Plugin Oracle Business Intelligence Enterprise Edition Remote Code Execution Vulnerability Reflected Cross-Site Scripting in Software License Manager WordPress Plugin Authenticated Stored Cross-Site Scripting in WP SMS WordPress Plugin LMS by LifterLMS Plugin: IDOR Vulnerability Exposes Student Answers and Grades Unauthenticated File Upload Vulnerability in Frontend Uploader WordPress Plugin Authenticated Stored Cross-Site Scripting in WPFront Scroll Top WordPress Plugin CSRF and Stored XSS Vulnerabilities in Contact Form 7 Captcha WordPress Plugin LFI Vulnerability in WooCommerce Currency Switcher FOX WordPress Plugin Authenticated Stored XSS Vulnerability in Simple Post WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in AddToAny Share Buttons WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Cookie Notice & Compliance Plugin Unauthenticated Remote Access Vulnerability in 
Oracle Fusion Middleware Identity Manager (CVE-2021-XXXX) CSRF and Stored XSS Vulnerabilities in Accept Donations with PayPal WordPress Plugin Stored Cross-Site Scripting Vulnerability in HD Quiz WordPress Plugin Arbitrary Post Deletion Vulnerability in Accept Donations with PayPal WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Simple Banner WordPress Plugin SQL Injection Vulnerability in WPSchoolPress WordPress Plugin Improper Input Sanitization in Easy Accordion WordPress Plugin Stored XSS Vulnerability in Coming Soon and Maintenance Mode WordPress Plugin Reflected Cross-Site Scripting in SportsPress WordPress Plugin (<=2.7.9) PHP Object Injection Vulnerability in Bold Page Builder WordPress Plugin Vulnerability in Oracle Fusion Middleware Identity Manager: Unauthorized Access and Data Compromise SQL Injection Vulnerability in Side Menu Lite WordPress Plugin Stored Cross-Site Scripting and CSRF Vulnerabilities in Blue Admin WordPress Plugin Stored Cross-Site Scripting in ThinkTwit WordPress Plugin (<=1.7.1) Arbitrary Timeslot Deletion and CSRF Vulnerability in Timetable and Event Schedule WordPress Plugin Arbitrary Timeslot Update and Stored XSS Vulnerability in Timetable and Event Schedule WordPress Plugin Sensitive User Data Leakage in Timetable and Event Schedule WordPress Plugin CSRF and Stored XSS Vulnerabilities in Per Page Add to Head WordPress Plugin Authenticated Stored Cross-Site Scripting in Splash Header WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in SMS Alert Order Notifications WordPress Plugin Arbitrary HTML Injection in Cookie Notice & Consent Banner Plugin Unsanitized CustomCSS Setting in Highlight WordPress Plugin Allows Cross-Site Scripting Attacks Cross-Site Scripting Vulnerability in Sitewide Notice WP WordPress Plugin Authenticated Stored Cross-Site Scripting in Business Hours Indicator WordPress Plugin Cross-Site Scripting Vulnerability in Translate WordPress – Google Language Translator WordPress Plugin CSRF 
Vulnerability in Wp Cookie Choice WordPress Plugin Cross-Site Scripting Vulnerability in youForms for WordPress Plugin Stored Cross-Site Scripting Vulnerability in You Shang WordPress Plugin Unescaped Testimonial Fields in Testimonial WordPress Plugin 1.6.0 and Earlier Allow for Cross Site Scripting Attacks Unauthenticated Endpoint in Email Encoder WordPress Plugin Allows HTML Injection Vulnerability in Oracle Application Express Data Reporter component of Oracle Database Server (CVE-2021-2345) Cross-Site Scripting (XSS) Vulnerability in WP Dialog WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in WPFront Notification Bar WordPress Plugin Unrestricted Privilege Escalation in HM Multiple Roles WordPress Plugin Cross-Site Scripting Vulnerability in Site Reviews WordPress Plugin (Versions before 5.13.1) Cross-Site Scripting (XSS) Vulnerability in Availability Calendar WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Custom Post View Generator WordPress Plugin SQL Injection Vulnerability in Availability Calendar WordPress Plugin Unsanitized Input in Storefront Footer Text WordPress Plugin Allows Cross-Site Scripting Attacks Cross-Site Scripting Vulnerability in Formidable Form Builder Plugin for WordPress Cross-Site Scripting Vulnerability in WP Mapa Politico Espana WordPress Plugin Vulnerability in Oracle Communications Interactive Session Recorder: Unauthorized Access and Partial Denial of Service Authenticated Stored Cross-Site Scripting Vulnerability in TranslatePress WordPress Plugin Cross-Site Scripting and CSRF Vulnerabilities in Keyword Meta WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Sociable WordPress Plugin Cross-Site Scripting Vulnerability in Post Views Counter WordPress Plugin Cross-Site Scripting Vulnerability in Book Appointment Online WordPress Plugin Wechat Reward WordPress Plugin Cross-Site Scripting Vulnerability Cross-Site Scripting Vulnerability in AddToAny Share Buttons WordPress Plugin Reflected 
Cross-Site Scripting in GamePress WordPress Plugin Stored Cross-Site Scripting (XSS) vulnerability in Donate With QRCode WordPress plugin before 1.4.5 Cross-Site Scripting Vulnerability in Per Page Add to Head WordPress Plugin Vulnerability in Oracle Commerce Service Center: Unauthorized Data Access and Manipulation Unrestricted File Upload and Remote Code Execution in WordPress Simple Ecommerce Shopping Cart Plugin Stored Cross-Site Scripting Vulnerability in WP Courses LMS WordPress Plugin Cross-Site Scripting Vulnerability in Customer Service Software & Support Ticket System WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in WordPress Advanced Ticket System Plugin Cross-Site Scripting Vulnerability in MP3 Audio Player for Music, Radio & Podcast Plugin SQL Injection Vulnerability in SpiderCatalog WordPress Plugin Unauthenticated User Privilege Escalation and SQL Injection in Chameleon CSS WordPress Plugin Authenticated SQL Injection in G Auto-Hyperlink WordPress Plugin Authenticated SQL Injection in Wow Forms WordPress Plugin Authenticated SQL Injection in Post Content XMLRPC WordPress Plugin Oracle Commerce Platform Unauthenticated Takeover Vulnerability Authenticated SQL Injection in Schreikasten WordPress Plugin Unlimited PopUps WordPress Plugin Authenticated SQL Injection Vulnerability Reflected Cross-Site Scripting in Recipe Card Blocks WordPress Plugin (<=2.8.1) Unauthenticated User Modification of Post Contents in Countdown Block WordPress Plugin Stored Cross-Site Scripting Vulnerability in Recipe Card Blocks by WPZOOM WordPress Plugin Unrestricted AJAX Actions and CSRF Vulnerability in Visual Link Preview WordPress Plugin CSRF Vulnerability in Print My Blog WordPress Plugin Allows Deactivation and Data Deletion Stored Cross-Site Scripting Vulnerability in Google Fonts Typography WordPress Plugin Unauthenticated Path Traversal and Arbitrary CSS File Overwrite in OMGF WordPress Plugin Arbitrary File and Folder Deletion Vulnerability in OMGF 
WordPress Plugin Oracle Linux OSwatcher Vulnerability: Unauthorized Takeover of Infrastructure Cross-Site Scripting Vulnerability in WordPress Slider Block Gutenslider Plugin CSRF Vulnerability in Images to WebP WordPress Plugin Vulnerability: CSRF, RCE, and XSS in Scroll Baner WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP Map Block WordPress Plugin Local File Inclusion Vulnerability in Images to WebP WordPress Plugin Cross-Site Scripting Vulnerability in Booking.com Product Helper WordPress Plugin Cross-Site Scripting Vulnerability in Booking.com Banner Creator WordPress Plugin WordPress Plugin Registration Forms Vulnerability: Unauthenticated User Login via Social Login Implementation Reflected Cross-Site Scripting in RegistrationMagic WordPress Plugin Arbitrary Role Assignment Vulnerability in WP User Frontend WordPress Plugin Unauthenticated SQL Injection Vulnerability in Poll Maker WordPress Plugin Arbitrary Modification of ultp_options Values in PostX – Gutenberg Blocks for Post Grid WordPress Plugin Cross-Site Scripting Vulnerability in Cookie Bar WordPress Plugin Stored Cross-Site Scripting Vulnerability in User Registration WordPress Plugin Arbitrary Password Reset Vulnerability in WP User Manager WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Simple Social Media Share Buttons WordPress Plugin Unauthenticated Stored Cross-Site Scripting in Limit Login Attempts WordPress Plugin Unsanitized Settings in Erident Custom Login and Dashboard WordPress Plugin Allows XSS Attacks Stored Cross-Site Scripting Vulnerability in PostX – Gutenberg Blocks for Post Grid WordPress Plugin Stored Cross-Site Scripting Vulnerability in PostX – Gutenberg Blocks for Post Grid WordPress Plugin Vulnerability: Unauthorized Access to Password-Protected or Private Post Contents in PostX – Gutenberg Blocks for Post Grid WordPress Plugin Authenticated SQL Injection in Game Server Status WordPress Plugin Arbitrary File Upload Vulnerability in Simple 
Schools Staff Directory WordPress Plugin Stored Cross-Site Scripting Vulnerability in WPSchoolPress WordPress Plugin Cross-Site Scripting Vulnerability in WP Video Lightbox WordPress Plugin SQL Injection Vulnerability in Podlove Podcast Publisher WordPress Plugin Stored Cross-Site Scripting Vulnerability in Simply Gallery Blocks with Lightbox (Version 2.2.0 & below) CSRF Vulnerability in MAZ Loader WordPress Plugin Allows Arbitrary Loader Deletion SQL Injection Vulnerability in MAZ Loader Plugin for WordPress Stored Cross-Site Scripting Vulnerability in CoolClock WordPress Plugin Stored Cross-Site Scripting Vulnerability in MX Time Zone Clocks WordPress Plugin Stored Cross-Site Scripting Vulnerability in One User Avatar WordPress Plugin Stored Cross-Site Scripting Vulnerability in Appointment Hour Booking WordPress Plugin CSRF Vulnerability in Genie WP Favicon WordPress Plugin Allows Unauthorized Favicon Changes CSRF Vulnerability in One User Avatar WordPress Plugin Reflected Cross-Site Scripting in Better Find and Replace WordPress Plugin before 1.2.9 Unauthenticated Enumeration of Private Post Titles in Find My Blocks WordPress Plugin Stored Cross-Site Scripting Vulnerability in CM Tooltip Glossary WordPress Plugin Reflected Cross-Site Scripting in Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP Travel Engine WordPress Plugin Stored Cross-Site Scripting Vulnerability in Duplicate Page WordPress Plugin Stored Cross-Site Scripting Vulnerability in Cool Tag Cloud WordPress Plugin Stored Cross-Site Scripting Vulnerability in Weather Effect WordPress Plugin OS Command Injection Vulnerability in WordPress PDF Light Viewer Plugin Cross-Site Scripting (XSS) Vulnerability in Flat Preloader WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in SVG Support WordPress Plugin Cross-Site Scripting Vulnerability in Modern Events Calendar Lite WordPress Plugin Unauthenticated and Authenticated User 
Arbitrary Post Deletion Vulnerability in Orange Form WordPress Plugin Path Traversal Vulnerability in Contact Forms - Drag & Drop Contact Form Builder WordPress Plugin Unsanitized Inputs in Chained Quiz WordPress Plugin Settings Cross-Site Scripting (XSS) Vulnerability in Quiz And Survey Master WordPress Plugin Path Traversal Vulnerability in Simple Download Monitor WordPress Plugin Stored Cross-Site Scripting Vulnerability in Simple Download Monitor WordPress Plugin Stored Cross-Site Scripting Vulnerability in Simple Download Monitor WordPress Plugin Unauthenticated Access to Sensitive Information in Simple Download Monitor WordPress Plugin CSRF Vulnerability in Simple Download Monitor WordPress Plugin Reflected Cross-Site Scripting in Simple Download Monitor WordPress Plugin Vulnerability: Unauthorized Thumbnail Removal in Simple Download Monitor WordPress Plugin Stored Cross-Site Scripting Vulnerability in Easy Media Download WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Forminator WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Quiz Tool Lite WordPress Plugin Cross-Site Scripting Vulnerability in LearnPress WordPress Plugin Vulnerability: Unauthenticated Activation of Installed Plugins in Download Plugin WordPress Plugin Unsanitized Parameter in Orange Form WordPress Plugin Allows Arbitrary Post Deletion Cross-Site Scripting (XSS) Vulnerability in NEX-Forms WordPress Plugin Cross-Site Scripting Vulnerability in Qwizcards WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Learning Courses WordPress Plugin Cross-Site Scripting Vulnerability in Export any WordPress data to XML/CSV Plugin Stored Cross-Site Scripting Vulnerability in Weather Effect WordPress Plugin Vulnerability in Oracle MySQL Connectors: Unauthorized Access and DOS Cross-Site Scripting Vulnerability in Print-O-Matic WordPress Plugin CSRF Vulnerability in Software License Manager WordPress Plugin Improper Sanitization in Appointment Hour Booking WordPress 
Plugin (<=1.3.17) Cross-Site Scripting Vulnerability in Video Lessons Manager WordPress Plugin Unescaped Output in Import any XML or CSV File to WordPress Plugin Allows Cross-Site Attacks Cross-Site Scripting Vulnerability in WP Sitemap Page WordPress Plugin Unsanitized User Input in Modern Events Calendar Lite WordPress Plugin Privilege Escalation and Information Disclosure in AutomatorWP WordPress Plugin Cross-Site Scripting Vulnerability in Contact Form, Survey & Popup Form Plugin for WordPress Reflected Cross-Site Scripting (XSS) Vulnerability in Enfold WordPress Theme Authenticated Stored XSS Vulnerability in GeoDirectory Business Directory WordPress Plugin Authenticated Translator Users Can Inject PHP Code via Loco Translate WordPress Plugin (CVE-2021-24147) Cross-Site Scripting Vulnerability in MotoPress WordPress Plugin's Restaurant Menu Feature Cross-Site Scripting (XSS) Vulnerability in WP Reactions Lite WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in MotoPress WordPress Plugin CSRF Vulnerability in Comment Link Remove and Other Comment Tools WordPress Plugin Authenticated SQL Injection in WP Simple Booking Calendar WordPress Plugin Authenticated SQL Injection in StopBadBots WordPress Plugin Authenticated SQL Injection in Membership & Content Restriction Plugin Stored Cross-Site Scripting Vulnerability in Logo Showcase with Slick Slider WordPress Plugin Arbitrary Media Modification Vulnerability in Logo Showcase with Slick Slider WordPress Plugin SQL Injection Vulnerability in Registration Forms WordPress Plugin Stored Cross-Site Scripting Vulnerability in DearFlip WordPress Plugin Vulnerability: Unauthorized Access to Draft and Password-Protected Posts in WP Post Page Clone Plugin Stored Cross-Site Scripting Vulnerability in Compact WP Audio Player WordPress Plugin CSRF Vulnerability in Compact WP Audio Player WordPress Plugin Stored Cross-Site Scripting Vulnerability in Shared Files WordPress Plugin Stored Cross-Site Scripting Vulnerability 
in wpDiscuz WordPress Plugin Stored Cross-Site Scripting Vulnerability in Logo Carousel WordPress Plugin Arbitrary Private Post Duplication and Viewing Vulnerability in Logo Carousel WordPress Plugin Oracle Web Analytics Vulnerability: Unauthorized Data Access and Modification Cross-Site Scripting (XSS) Vulnerability in Tutor LMS WordPress Plugin SQL Injection Vulnerability in Support Board WordPress Plugin Insecure Authorisation Mechanism in Logo Slider and Showcase WordPress Plugin Stored XSS Vulnerability in Podcast Subscribe Buttons WordPress Plugin Cross-Site Scripting Vulnerability in WordPress Contact Forms Plugin Cross-Site Scripting (XSS) Vulnerability in About Author Box WordPress Plugin Reflected Cross-Site Scripting in Social Sharing Plugin WordPress Plugin Authenticated SQL Injection in SEO Booster WordPress Plugin Authenticated SQL Injection in Email Before Download WordPress Plugin CSRF Vulnerability in URL Shortify WordPress Plugin Oracle VM VirtualBox Prior to 6.1.28 Denial of Service Vulnerability SQL Injection Vulnerability in WP Visitor Statistics Plugin Cross-Site Scripting (XSS) Vulnerability in GenerateBlocks WordPress Plugin Vulnerability: Lack of Capability and CSRF Checks in CatchThemes Plugins Authenticated SQL Injection in Rich Reviews by Starfish WordPress Plugin SQL Injection Vulnerability in MainWP Child Reports WordPress Plugin SQL Injection Vulnerability in myCred WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in WP System Log WordPress Plugin Unauthenticated Image Upload Vulnerability in Stylish Price List WordPress Plugin SQL Injection Vulnerability in Email Log WordPress Plugin PDF.js Viewer WordPress Plugin Cross-Site Scripting Vulnerability Unauthenticated Access Vulnerability in Oracle Transportation Management (Version 6.4.3) Cross-Site Scripting Vulnerability in Gutenberg PDF Viewer Block WordPress Plugin Arbitrary File Deletion Vulnerability in Error Log Viewer WordPress Plugin SQL Injection Vulnerability in 
Perfect Survey WordPress Plugin Unauthenticated Access and Stored Cross-Site Scripting in Perfect Survey WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Perfect Survey WordPress Plugin Stored Cross-Site Scripting in Perfect Survey WordPress Plugin through 1.5.2 CSRF Vulnerability in 404 to 301 WordPress Plugin Allows Unauthorized Log Deletion CSRF Vulnerability in Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress Plugin Cross-Site Scripting Vulnerability in WP RSS Aggregator WordPress Plugin SQL Injection Vulnerability in Permalink Manager Lite WordPress Plugin Oracle Applications Framework Session Management Vulnerability Arbitrary Image Upload Vulnerability in Stylish Price List WordPress Plugin Stored Cross-Site Scripting Vulnerability in Inspirational Quote Rotator WordPress Plugin SQL Injection Vulnerability in Stream WordPress Plugin Unfiltered HTML Capability Bypass in WordPress Download Manager Plugin SQL Injection Vulnerability in Check & Log Email WordPress Plugin Arbitrary Post Title Enumeration in Document Embedder WordPress Plugin CSRF Vulnerability in WP Performance Score Booster WordPress Plugin SQL Injection Vulnerability in Hotscot Contact Form WordPress Plugin SQL Injection Vulnerability in Tradetracker-Store WordPress Plugin (<= 4.6.60) Unauthenticated Users Can Update WP Debugging Plugin Settings MySQL Server Denial of Service Vulnerability CSRF Vulnerability in Single Post Exporter WordPress Plugin Arbitrary Post Meta Field Modification Vulnerability in Image Source Control WordPress Plugin Unescaped Class Name Field in Flex Local Fonts WordPress Plugin Allows for Cross-Site Scripting Attacks Arbitrary Post Deletion Vulnerability in Post Expirator WordPress Plugin CSRF Vulnerability in WP Admin Logo Changer WordPress Plugin Cross-Site Scripting Vulnerability in Great Quotes WordPress Plugin SQL Injection Vulnerability in Download Monitor WordPress Plugin Cross-Site Scripting Vulnerability in Sprout Invoices 
WordPress Plugin (Version < 19.9.7) Arbitrary Category Manipulation Vulnerability in Batch Cat WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Flat Preloader WordPress Plugin MySQL Server Denial of Service Vulnerability Unauthenticated Arbitrary Data Deletion and PHP Object Injection in Contact Form Advanced Database WordPress Plugin SQL Injection Vulnerability in Header Footer Code Manager WordPress Plugin Stored Cross-Site Scripting in Shiny Buttons WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in WPeMatico RSS Feed Fetcher WordPress Plugin Cross-Site Scripting Vulnerability in Connections Business Directory WordPress Plugin CSRF Vulnerability in Filter Portfolio Gallery WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in My Tickets WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Tickera WordPress Plugin Reflected Cross-Site Scripting in WP Header Images WordPress Plugin CSRF Vulnerability in Far Future Expiry Header WordPress Plugin Unauthenticated Remote Code Execution Vulnerability in Oracle HTTP Server (Web Listener) Unauthenticated User Can Edit Any Comment in DW Question & Answer Pro WordPress Plugin Unauthenticated AJAX Actions and Stored Cross-Site Scripting in WP Survey Plus WordPress Plugin CSRF Vulnerability in Colorful Categories WordPress Plugin Vulnerability: Unprotected CSRF Allows Arbitrary Admin Account Creation and Takeover Unauthenticated Settings Modification Vulnerability in Simple JWT Login WordPress Plugin CSRF Vulnerability in DW Question & Answer Pro WordPress Plugin CSRF Vulnerability in wpDiscuz WordPress Plugin (Versions before 7.3.4) Cross-Site Scripting (XSS) Vulnerability in Support Board WordPress Plugin Reflected Cross-Site Scripting in BP Better Messages WordPress Plugin CSRF Vulnerability in BP Better Messages WordPress Plugin MySQL Server Vulnerability: Unauthorized Hang and Crash (CVE-XXXX-XXXX) Unescaped Field Editor Settings in WP Event Manager Plugin Allow for Cross-Site 
Scripting Attacks Cross-Site Scripting Vulnerability in Shop Page WP WordPress Plugin Stored Cross-Site Scripting Vulnerability in BetterLinks WordPress Plugin Cross-Site Scripting Vulnerability in Events Made Easy WordPress Plugin Improper Content-Type Handling in WordPress GDPR Plugin Allows for Remote Code Execution Cross-Site Scripting Vulnerability in Accept Donations with PayPal WordPress Plugin Unrestricted Media File Renaming Vulnerability in Phoenix Media Rename WordPress Plugin Cross-Site Scripting Vulnerability in Ultimate NoFollow WordPress Plugin CSRF Vulnerability in WP Limits WordPress Plugin Allows Unauthorized Settings Modification Insufficient Authorization in Page/Post Content Shortcode WordPress Plugin Oracle Payables Vulnerability: Unauthorized Access and Data Manipulation Path Traversal and Local File Inclusion Vulnerability in Cost Calculator WordPress Plugin Stored Cross-Site Scripting Vulnerability in Cost Calculator WordPress Plugin Unauthenticated Stored Cross-Site Scripting Vulnerability in Stylish Cost Calculator WordPress Plugin CSRF Vulnerability in Support Board WordPress Plugin Allows Arbitrary File Deletion Arbitrary Post Metadata Disclosure Vulnerability in Custom Content Shortcode WordPress Plugin Arbitrary File Display and Local File Inclusion Vulnerability in Custom Content Shortcode WordPress Plugin Unescaped Custom Fields Vulnerability in Custom Content Shortcode WordPress Plugin Unauthenticated SQL Injection in Asgaros Forum WordPress Plugin (<= 1.15.13) Cross-Site Scripting Vulnerability in Mortgage Calculator / Loan Calculator WordPress Plugin SQL Injection Vulnerability in Visitor Traffic Real Time Statistics WordPress Plugin Vulnerability in Oracle Content Manager of Oracle E-Business Suite: Unauthorized Access and Data Manipulation Cross-Site Scripting Vulnerability in Advanced Access Manager WordPress Plugin Unauthenticated Access and Data Manipulation Vulnerability in Tab WordPress Plugin CSRF Vulnerability in WP SEO 
Redirect 301 WordPress Plugin Stored Cross-Site Scripting Vulnerability in YOP Poll WordPress Plugin Stored Cross-Site Scripting Vulnerability in YOP Poll WordPress Plugin SQL Injection Vulnerability in WCFM – Frontend Manager for WooCommerce Plugin Vulnerability: Lack of Authorization and CSRF Checks in Temporary Login Without Password WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Passster WordPress Plugin Open Redirect Vulnerability in AnyComment WordPress Plugin Unauthenticated Arbitrary Ticket Deletion in SupportCandy WordPress Plugin Vulnerability in Oracle Operations Intelligence: Unauthorized Access and Data Manipulation Unauthenticated Access to Private and Scheduled Posts in Squaretype WordPress Theme Unsanitized Settings in Helpful WordPress Plugin Allows Cross-Site Scripting Attacks Unrestricted Access and Manipulation of Private Post Titles and Dates in Bulk Datetime Change WordPress Plugin CSRF Vulnerability in SupportCandy WordPress Plugin Allows Arbitrary Ticket Deletion SQL Injection Vulnerability in Affiliates Manager WordPress Plugin Arbitrary Content Access Vulnerability in Improved Include Page WordPress Plugin SQL Injection Vulnerability in Ni WooCommerce Custom Order Status Plugin SQL Injection Vulnerability in SEO Redirection Plugin – 301 Redirect Manager WordPress Plugin SQL Injection Vulnerability in Mediamatic WordPress Plugin SQL Injection Vulnerability in WCFM Marketplace WordPress Plugin (<= 3.4.12) Oracle Trade Management Product Vulnerability: Unauthorized Data Access and Modification Cross-Site Scripting (XSS) Vulnerability in Insert Pages WordPress Plugin Arbitrary Access to Content and Metadata in Insert Pages WordPress Plugin CSRF Vulnerability in MouseWheel Smooth Scroll WordPress Plugin Unauthenticated Users Can Modify QR Redirect Response Status Code in QR Redirector WordPress Plugin Stored Cross-Site Scripting Vulnerability in QR Redirector WordPress Plugin Cross-Site Scripting Vulnerability in Display Post 
Metadata WordPress Plugin Cross-Site Scripting Vulnerability in Shared Files WordPress Plugin PHP Object Injection Vulnerability in ToTop Link WordPress Plugin Authenticated SQL Injection in Cookie Notification Plugin for WordPress Plugin User Meta Shortcodes WordPress Plugin Allows Unauthorized Access to User Metadata and Password Hashes SQL Injection Vulnerability in BSK PDF Manager WordPress Plugin SQL Injection Vulnerability in Quotes Collection WordPress Plugin SQL Injection Vulnerability in RegistrationMagic WordPress Plugin SQL Injection Vulnerability in WP Block and Stop Bad Bots Plugin SQL Injection Vulnerability in WP Cloudy Weather Plugin SQL Injection Vulnerability in Advanced Custom Fields: Extended WordPress Plugin SQL Injection Vulnerability in WP Data Access WordPress Plugin Backdoored Plugins and Themes: AccessPress Themes Vendor Compromised Title Enumeration Vulnerability in Document Embedder WordPress Plugin SQL Injection Vulnerability in WP Fastest Cache WordPress Plugin WP Fastest Cache WordPress Plugin Cross-Site Scripting Vulnerability Cross-Site Scripting Vulnerability in Get Custom Field Values WordPress Plugin Unvalidated Permissions in Get Custom Field Values WordPress Plugin Reflected Cross-Site Scripting in Tutor LMS WordPress Plugin (<=1.9.11) Reflected Cross-Site Scripting Vulnerability in Sendinblue WordPress Plugin Reflected Cross-Site Scripting in eCommerce Product Catalog Plugin for WordPress Reflected Cross-Site Scripting in Registrations for the Events Calendar WordPress Plugin SQL Injection Vulnerability in MainWP Child WordPress Plugin Reflected Cross-Site Scripting in SupportCandy WordPress Plugin Arbitrary Filter XSS Vulnerability in SupportCandy WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in SupportCandy WordPress Plugin Passster WordPress Plugin Unauthenticated Access Vulnerability Cross-Site Scripting Vulnerability in Slideshow Gallery WordPress Plugin Cross-Site Scripting Vulnerability in Popup Anything 
WordPress Plugin HTML Injection and Remote Code Execution in Formidable Form Builder WordPress Plugin Reflected Cross-Site Scripting in YOP Poll WordPress Plugin Cross-Site Scripting Vulnerability in ImageBoss WordPress Plugin SQL Injection Vulnerability in Ninja Forms Contact Form WordPress Plugin Arbitrary PHP Code Injection Vulnerability in Scripts Organizer WordPress Plugin DOM Cross-Site Scripting Vulnerability in Elementor Website Builder WordPress Plugin Vulnerability: Insecure Direct Object Reference in Advanced Forms (Free & Pro) Edit Function Denial of Service Vulnerability in Stars Rating WordPress Plugin Denial of Service Vulnerability in Reviews Plus WordPress Plugin Cross-Site Scripting Vulnerability in Cybersoldier WordPress Plugin Cross-Site Scripting Vulnerability in Caldera Forms WordPress Plugin Cross-Site Scripting Vulnerability in Add Subtitle WordPress Plugin Cross-Site Scripting Vulnerability in EditableTable WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Media-Tags WordPress Plugin Unsanitized Table Fields in Ninja Tables WordPress Plugin Allow for Cross-Site Scripting Attacks Cross-Site Scripting Vulnerability in Security Audit WordPress Plugin Cross-Site Scripting Vulnerability in Typebot WordPress Plugin Unsanitized Gallery Settings in GRAND FlaGallery WordPress Plugin Allow Cross-Site Scripting Attacks Stored Cross-Site Scripting Vulnerability in Mortgage Calculators WP WordPress Plugin Arbitrary File Deletion Vulnerability in Advanced Contact Form 7 DB WordPress Plugin Unauthenticated Deactivation Vulnerability in Protect WP Admin WordPress Plugin Reflected Cross-Site Scripting in Contact Form, Drag and Drop Form Builder for WordPress Plugin Reflected Cross-Site Scripting in Check & Log Email WordPress Plugin Reflected Cross-Site Scripting in ACF Photo Gallery Field WordPress Plugin Reflected Cross-Site Scripting in Transposh WordPress Translation Plugin Stored Cross-Site Scripting Vulnerability in Transposh WordPress 
Translation Plugin Stored Cross-Site Scripting Vulnerability in Transposh WordPress Translation Plugin Arbitrary Media Manipulation in Logo Showcase with Slick Slider WordPress Plugin Tawk.To Live Chat WordPress Plugin Authenticated User Vulnerability Unauthenticated SQL Injection and User Data Exposure in Contest Gallery WordPress Plugin Arbitrary Email Sending Vulnerability in Qubely WordPress Plugin Unauthenticated Access to Secret Login Page in WPS Hide Login WordPress Plugin Unauthenticated JavaScript Injection in Smash Balloon Social Post Feed WordPress Plugin SQL Injection Vulnerability in Wicked Folders WordPress Plugin Cross-Site Scripting Vulnerability in StatCounter WordPress Plugin Reflected Cross-Site Scripting in Advanced Database Cleaner WordPress Plugin Cross-Site Scripting and CSRF Vulnerability in Pixel Cat WordPress Plugin Reflected Cross-Site Scripting in Sendinblue WordPress Plugin Reflected Cross-Site Scripting in Email Log WordPress Plugin 2.4.8 and earlier Reflected Cross-Site Scripting in Modern Events Calendar Lite WordPress Plugin Reflected Cross-Site Scripting in Domain Check WordPress Plugin Reflected Cross-Site Scripting in My Calendar WordPress Plugin SQL Injection and Arbitrary Post Modification Vulnerability in Rearrange Woocommerce Products WordPress Plugin Stored Cross-Site Scripting Vulnerability in WordPress Online Booking and Scheduling Plugin SQL Injection Vulnerability in Secure Copy Content Protection and Content Locking WordPress Plugin Reflected Cross-Site Scripting in Auto Featured Image WordPress Plugin Reflected Cross-Site Scripting in Dynamic Widgets WordPress Plugin Reflected Cross-Site Scripting in Visual CSS Style Editor WordPress Plugin Reflected Cross-Site Scripting in WP Google Fonts WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in WP Extra File Types WordPress Plugin Reflected Cross-Site Scripting in Asset CleanUp: Page Speed Booster WordPress Plugin Reflected Cross-Site Scripting Vulnerability in 
WOOCS WordPress Plugin Reflected Cross-Site Scripting in LoginWP WordPress Plugin Reflected Cross-Site Scripting in Persian Woocommerce WordPress Plugin Reflected Cross-Site Scripting in Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress Plugin Arbitrary PHP Code Execution Vulnerability in Menu Item Visibility Control WordPress Plugin Unauthenticated SQL Injection in Registrations for the Events Calendar WordPress Plugin Cross-Site Scripting Vulnerability in Custom Dashboard & Login Page WordPress Plugin Unauthenticated User Data Leakage in LikeBtn WordPress Plugin Unauthenticated SQL Injection in Modern Events Calendar Lite WordPress Plugin Arbitrary File Read Vulnerability in RVM WordPress Plugin Unauthenticated Information Disclosure in Plus Addons for Elementor - Pro WordPress Plugin SQL Injection Vulnerability in WP Search Filters Widget of The Plus Addons for Elementor - Pro WordPress Plugin Insight Core WordPress Plugin Vulnerability: Unauthenticated PHP Object Injection and Stored XSS SQL Injection Vulnerability in LearnPress WordPress Plugin SQL Injection Vulnerability in Conversios.io WordPress Plugin Reflected Cross-Site Scripting in Advanced iFrame WordPress Plugin Reflected Cross-Site Scripting in User Registration, Login Form, User Profile & Membership WordPress Plugin Reflected Cross-Site Scripting in User Registration, Login Form, User Profile & Membership WordPress Plugin Reflected Cross-Site Scripting in Blog2Social WordPress Plugin SQL Injection Vulnerability in Advanced Page Visit Counter WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Meks Easy Photo Feed Widget WordPress Plugin SQL Injection Vulnerability in WP Email Users WordPress Plugin WordPress File Upload Plugin Cross-Site Scripting Vulnerability Cross-Site Scripting Vulnerability in WordPress File Upload Plugin Arbitrary Code Execution via Path Traversal in WordPress File Upload Plugin Reflected Cross-Site Scripting in LiteSpeed Cache WordPress Plugin 
Unauthenticated Cross-Site Scripting (XSS) via LiteSpeed Cache WordPress Plugin Cross-Site Scripting Vulnerability in Five Star Restaurant Reservations WordPress Plugin Arbitrary File Deletion Vulnerability in Error Log Viewer WordPress Plugin Cross-Site Scripting Vulnerability in Contact Form & Lead Form Elementor Builder WordPress Plugin Unauthenticated User Can Create FAQ and FAQ Questions in Ultimate FAQ WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in WordPress Download Manager Plugin Local File Inclusion Vulnerability in All-in-One Video Gallery WordPress Plugin Vulnerability: Cross-Site Scripting (XSS) and Unauthorized Settings Modification in WP Responsive Menu WordPress Plugin Unescaped Settings Vulnerability in Pixel Cat WordPress Plugin Cross-Site Scripting Vulnerability in Site Reviews WordPress Plugin Stored Cross-Site Scripting Vulnerability in Product Feed PRO for WooCommerce WordPress Plugin Unauthenticated Stored Cross-Site Scripting in NextScripts: Social Networks Auto-Poster WordPress Plugin Reflected Cross-Site Scripting in Smart SEO Tool WordPress Plugin Unauthenticated Arbitrary CSS and Stored XSS Vulnerability in Use Any Font WordPress Plugin Unauthenticated Arbitrary Post Deletion in OSMapper WordPress Plugin Reflected Cross-Site Scripting in Paid Memberships Pro WordPress Plugin Reflected Cross-Site Scripting in Gwolle Guestbook WordPress Plugin Cross-Site Request Forgery to Remote File Upload Vulnerability in Directorist WordPress Plugin Reflected Cross-Site Scripting in Child Theme Generator WordPress Plugin Reflected Cross-Site Scripting in Asset CleanUp: Page Speed Booster WordPress Plugin Reflected Cross-Site Scripting in WPFront User Role Editor WordPress Plugin Reflected Cross-Site Scripting in Easy Forms for Mailchimp WordPress Plugin Reflected Cross-Site Scripting in Post Grid WordPress Plugin Reflected Cross-Site Scripting in Social Share, Social Login and Social Comments Plugin for WordPress Stored XSS vulnerability 
in WP RSS Aggregator WordPress Plugin CSRF Vulnerability in Accept Donations with PayPal WordPress Plugin Reflected Cross-Site Scripting in WooCommerce PDF Invoices & Packing Slips WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Smart Floating / Sticky Buttons WordPress Plugin Unauthenticated User Access and Arbitrary Product Manipulation in Ultimate Product Catalog WordPress Plugin Stored Cross-Site Scripting Vulnerability in Migration, Backup, Staging WordPress Plugin Cross-Site Scripting Vulnerability in HTML5 Responsive FAQ WordPress Plugin Reflected Cross-Site Scripting in IDPay for Contact Form 7 WordPress Plugin Unauthenticated Access and Information Disclosure in WP Guppy WordPress Plugin Insecure Password Generation in Simple JWT Login WordPress Plugin Reflected Cross-Site Scripting in Booster for WooCommerce WordPress Plugin Reflected Cross-Site Scripting in Booster for WooCommerce WordPress Plugin Reflected Cross-Site Scripting in Booster for WooCommerce WordPress Plugin Unauthenticated Access to Orders Data in Tipsacarrier WordPress Plugin Remote Code Execution (RCE) Vulnerability in WPCargo Track & Trace WordPress Plugin Arbitrary File Download Vulnerability in SEUR Oficial WordPress Plugin Unsanitized Settings in SEUR Oficial WordPress Plugin 1.7.0 Allow Cross-Site Scripting Attacks Reflected Cross-Site Scripting in MOLIE WordPress Plugin Unvalidated Post Parameter SQL Injection in MOLIE WordPress Plugin Reflected Cross-Site Scripting in Code Snippets WordPress Plugin CorreosExpress WordPress Plugin Exposes Sensitive User Data in Publicly Accessible Log Files CSRF and Stored XSS Vulnerabilities in Post Snippets WordPress Plugin Vulnerability: Arbitrary Post Deletion and Settings Modification in Maps Plugin for WordPress Reflected Cross-Site Scripting Vulnerability in Pz-LinkCard WordPress Plugin Arbitrary Post Deletion Vulnerability in Qubely WordPress Plugin Stored Cross-Site Scripting Vulnerability in Ibtana WordPress Plugin Reflected 
Cross-Site Scripting in myCred WordPress Plugin before 2.4 Reflected Cross-Site Scripting in Chaty WordPress Plugin Reflected Cross-Site Scripting in Tutor LMS WordPress Plugin Arbitrary Settings and Stored XSS Vulnerability in PPOM for WooCommerce WordPress Plugin Reflected Cross-Site Scripting in Squirrly SEO WordPress Plugin Arbitrary Folder Deletion Vulnerability in CAOS | Host Google Analytics Locally WordPress Plugin Arbitrary Folder Deletion Vulnerability in OMGF WordPress Plugin Reflected Cross-Site Scripting in UpdraftPlus WordPress Backup Plugin SQL Injection Vulnerability in Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress Plugin Reflected Cross-Site Scripting Vulnerability in EventCalendar WordPress Plugin Insufficient Authorization and CSRF Checks in EventCalendar WordPress Plugin Allow Unauthorized Event Creation Cross-Site Scripting Vulnerability in Patreon WordPress Plugin Reflected Cross-Site Scripting in PowerPack Addons for Elementor WordPress Plugin Arbitrary Redirect Vulnerability in Event Tickets WordPress Plugin Unsanitized Course Module Input in CLUEVO LMS Plugin Allows Cross-Site Scripting Attacks SQL Injection Vulnerability in Events Made Easy WordPress Plugin Reflected Cross-Site Scripting in Image Hover Effects Ultimate WordPress Plugin Arbitrary Blog Options Update and Administrator Role Escalation Vulnerability in PublishPress Capabilities WordPress Plugin Open Redirect Vulnerability in WordPress Newsletter Plugin Reflected Cross-Site Scripting Vulnerability in WP User WordPress Plugin Reflected Cross-Site Scripting in WP Time Capsule WordPress Plugin Privilege Escalation Vulnerability in All in One SEO WordPress Plugin Authenticated SQL Injection Vulnerability in All in One SEO WordPress Plugin Reflected Cross-Site Scripting in WordPress Multisite User Sync/Unsync Plugin Reflected Cross-Site Scripting in WordPress Multisite Content Copier/Updater Plugin Reflected Cross-Site Scripting in Booking Calendar WordPress Plugin 
Reflected Cross-Site Scripting (XSS) Vulnerability in Photo Gallery by 10Web WordPress Plugin Vulnerability: Unauthenticated IP Address Exclusion and Cross-Site Scripting in WP Visitor Statistics Plugin Reflected Cross-Site Scripting in WOOCS WordPress Plugin (<= 1.3.7.3) Reflected Cross-Site Scripting in Cryptocurrency Pricing List and Ticker WordPress Plugin SQL Injection Vulnerability in Asgaros Forum WordPress Plugin Stored XSS Vulnerability in Modern Events Calendar Lite WordPress Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in 10Web Social Photo Feed WordPress Plugin Arbitrary Profile Creation and Cross-Site Scripting Vulnerability in KingComposer WordPress Plugin Cross-Site Scripting Vulnerability in Mobile Events Manager WordPress Plugin Cross-Site Scripting Vulnerability in Remove Footer Credit WordPress Plugin Arbitrary File Inclusion and Remote Code Execution Vulnerability in Modal Window WordPress Plugin Arbitrary File Inclusion and Remote Code Execution Vulnerability in Button Generator WordPress Plugin Arbitrary File Inclusion Vulnerability in WP Coder WordPress Plugin (CSRF RCE) Authenticated SQL Injection in WPcalc WordPress Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in FeedWordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Ninja Forms Contact Form WordPress Plugin Authenticated Stored Cross-Site Scripting (XSS) in Translation Exchange WordPress Plugin Authenticated Stored Cross Site Scripting (XSS) Vulnerability in Buffer Button WordPress Plugin Privilege Escalation Vulnerability in Download Plugin WordPress Plugin Unauthenticated Access and Stored XSS Vulnerabilities in Five Star Business Profile and Schema WordPress Plugin Reflected XSS Vulnerability in WP Booking System WordPress Plugin Reflected Cross-Site Scripting in Orders Tracking for WooCommerce WordPress Plugin Reflected Cross-Site Scripting in Skins for Contact Form 7 WordPress Plugin Authenticated SQL Injection in Wow Countdowns WordPress Plugin 
Reflected XSS Vulnerability in Smash Balloon Social Post Feed WordPress Plugin Unsanitized Data Import Vulnerability in Ninja Forms Contact Form WordPress Plugin Reflected XSS Vulnerability in Landing Page Builder WordPress Plugin SQL Injection Vulnerability in Sync WooCommerce Product Feed to Google Shopping WordPress Plugin SQL Injection and Reflected Cross-Site Scripting Vulnerability in Download Manager WordPress Plugin SQL Injection Vulnerability in Block Bad Bots WordPress Plugin Reflected Cross-Site Scripting in WordPress Plugin through 2.0.1 CSRF Vulnerability in NextScripts: Social Networks Auto-Poster WordPress Plugin CSRF Vulnerability in WP125 WordPress Plugin Allows Unauthorized Deletion of Ads Open Redirect Vulnerability in WebP Converter for Media WordPress Plugin Stored Cross-Site Scripting and CSRF Vulnerability in Duplicate Page or Post WordPress Plugin SQL Injection and Reflected Cross-Site Scripting Vulnerability in WP User Frontend WordPress Plugin Reflected Cross-Site Scripting in Store Toolkit for WooCommerce WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Affiliates Manager WordPress Plugin Unsanitized Parameters in Contact Form Entries WordPress Plugin Cross-Site Scripting Vulnerability in Contact Form Entries WordPress Plugin CSRF Vulnerability in Maps Plugin for WordPress Allows Arbitrary Post Deletion and Settings Modification Local File Inclusion and Remote Code Execution Vulnerability in Popup Builder WordPress Plugin Reflected Cross-Site Scripting in Registrations for the Events Calendar WordPress Plugin Unauthenticated User Authorization Bypass in Advanced Cron Manager WordPress Plugin Reflected Cross-Site Scripting in WOOF WordPress Plugin (<=1.2.6.3) Cross-Site Scripting Vulnerability in Advanced Page Visit Counter WordPress Plugin Unauthenticated Access to Sensitive Information in Download Manager WordPress Plugin Cross-Site Scripting Vulnerability in XML Sitemaps WordPress Plugin Reflected Cross-Site Scripting in 
UpdraftPlus WordPress Backup Plugin Vulnerability: Unauthenticated AJAX Actions and Cross-Site Scripting in Portfolio Gallery Plugin Reflected Cross-Site Scripting in Link Library WordPress Plugin CSRF Vulnerability in Link Library WordPress Plugin Allows Arbitrary Settings Reset Unauthenticated Arbitrary Link Deletion Vulnerability in Link Library WordPress Plugin Unauthenticated File Upload and PHP Shell Execution Vulnerability in Tatsu WordPress Plugin IP2Location Country Blocker WordPress Plugin Allows Arbitrary Country Blocking Bypassing IP2Location Country Blocker WordPress Plugin 2.26.5 Vulnerability: Inadequate Authorization and CSRF Check in LabTools WordPress Plugin Allows Arbitrary Publication Deletion CSRF Vulnerability in Pricing Tables WordPress Plugin Allows Arbitrary Post Removal Reflected Cross-Site Scripting in GiveWP WordPress Plugin before 2.17.3 Reflected Cross-Site Scripting in GiveWP WordPress Plugin (<=2.17.3) Reflected Cross-Site Scripting Vulnerability in Anti-Malware Security and Brute-Force Firewall WordPress Plugin Arbitrary Redirect and Cross-Site Scripting Vulnerability in All In One WP Security & Firewall Plugin Reflected Cross-Site Scripting in Translate WordPress with GTranslate WordPress Plugin Reflected Cross-Site Scripting in Ocean Extra WordPress Plugin before 1.9.5 Cross-Site Scripting Vulnerability in Ivory Search WordPress Plugin Vulnerability: Unauthenticated User Update and Stored Cross-Site Scripting in WPLegalPages WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Form Store to DB WordPress Plugin CSRF Vulnerability in IP2Location Country Blocker WordPress Plugin SQL Injection and Cross-Site Scripting (XSS) Vulnerability in Futurio Extra WordPress Plugin User Email Address Extraction Vulnerability in Futurio Extra WordPress Plugin Open Redirect Vulnerability in English WordPress Admin WordPress Plugin Reflected Cross-Site Scripting in WHMCS Bridge WordPress Plugin Vulnerability: Unauthenticated Settings 
Modification and Stored XSS in Dropdown Menu Widget WordPress Plugin SQL Injection Vulnerability in Paid Memberships Pro WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in WP Photo Album Plus WordPress Plugin Arbitrary Asset Deletion and Post Manipulation Vulnerability in Enqueue Anything WordPress Plugin Unsanitized postratings_image Parameter in WP-PostRatings Plugin Yoast SEO WordPress Plugin Path Disclosure Vulnerability Arbitrary File Upload and Remote Code Execution Vulnerability in AGIL WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Easy Social Feed WordPress Plugins Denial of Service Vulnerability in Rating by BestWebSoft WordPress Plugin Apache Tomcat Vulnerability: Request Header and Body Duplication in h2c Connection Handling Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Local Path Traversal Vulnerability in HPE Cloudline Server BMC Firmware Local Path Traversal Vulnerability in HPE Cloudline Server BMC Firmware Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Local Path Traversal Vulnerability in HPE Cloudline BMC Firmware Local Path Traversal Vulnerability in HPE Cloudline BMC Firmware Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Title: Remote Code Execution Vulnerability in HPE Moonshot 
Provisioning Manager v1.20 Remote Code Execution and Directory Traversal Vulnerability in HPE Moonshot Provisioning Manager v1.20 Title: HPE and Aruba L2/L3 Switch Firmware Vulnerability: Local Denial of Service Exploitation Local Buffer Overflow in HPE Apollo 70 System BMC Firmware Aruba Instant Access Point (IAP) Remote Denial of Service (DoS) Vulnerability Aruba Instant Access Point Remote Buffer Overflow Vulnerability Aruba Instant Access Point (IAP) Remote Unauthorized Disclosure of Information Vulnerability Aruba Instant Access Point (IAP) Remote Command Execution Vulnerability Aruba AirWave Management Platform Remote Authentication Restriction Bypass Vulnerability Aruba Instant Access Point (IAP) Remote Arbitrary File Modification Vulnerability Aruba Instant Access Point Remote Buffer Overflow Vulnerability Aruba Instant Access Point (IAP) Products Remote Command Execution Vulnerability Aruba AirWave Management Platform Remote Insecure Deserialization Vulnerability Aruba AirWave Management Platform Remote Insecure Deserialization Vulnerability Aruba AirWave Management Platform Remote SQL Injection Vulnerability Aruba AirWave Management Platform Remote Escalation of Privilege Vulnerability Aruba Instant Access Point (IAP) Remote Arbitrary File Modification Vulnerability Aruba Instant Access Point (IAP) Remote Arbitrary Directory Create Vulnerability Aruba Instant Access Point (IAP) Remote Arbitrary File Read Vulnerability Aruba Instant Access Point (IAP) Products Remote Arbitrary File Read Vulnerability Aruba Instant Access Point (IAP) Remote Arbitrary File Modification Vulnerability Aruba Instant Access Point (IAP) Remote Arbitrary File Modification Vulnerability Aruba Instant Access Point (IAP) Products Remote XSS Vulnerability Aruba Instant Access Point (IAP) Remote Command Execution Vulnerability Aruba AirWave Management Platform Remote XML External Entity Vulnerability Aruba AirWave Management Platform Remote XML External Entity Vulnerability Aruba 
AirWave Management Platform Remote XML External Entity Vulnerability Aruba AirWave Management Platform Remote Unauthorized Access Vulnerability Aruba AirWave Management Platform Remote Unauthorized Access Vulnerability Local Buffer Overflow in HPE Apollo 70 System BMC Firmware Local Buffer Overflow in HPE Apollo 70 System BMC Firmware Local Buffer Overflow in HPE Apollo 70 System BMC Firmware Local Buffer Overflow in HPE Apollo 70 System BMC Firmware Command Injection Vulnerability in HPE Apollo 70 System BMC Firmware Memory Allocation Vulnerability in Open Design Alliance Drawings SDK Memory Corruption Vulnerability in Open Design Alliance Drawings SDK Type Conversion Issue in Open Design Alliance Drawings SDK Allows for Denial of Service Attack NULL Pointer Dereference Vulnerability in Open Design Alliance Drawings SDK Type Confusion Vulnerability in Open Design Alliance Drawings SDK Stack-based Buffer Overflow Vulnerability in Open Design Alliance Drawings SDK SolarWinds Serv-U before 15.2 Vulnerability: Cross Site Scripting (XSS) via HTTP Host Header Windows PKU2U Privilege Escalation Vulnerability Arbitrary Code Injection via Search Parameter in SourceCodester Content Management System v 1.0 Arbitrary Code Execution via File Upload in SourceCodester Learning Management System v1.0 SQL Injection Vulnerability in Learning Management System v1.0: Remote Code Execution and Database Information Disclosure SQL Injection Vulnerability in SourceCodester Sales and Inventory System v1.0 Arbitrary Code Execution via File Upload in Victor CMS v1.0 Arbitrary Web Script Injection Vulnerability in SourceCodester E-Commerce Website v 1.0 SQL Injection Vulnerability in SourceCodester E-Commerce Website V 1.0: Arbitrary SQL Statement Execution via empViewUpdate.php Arbitrary Code Execution via File Upload in SourceCodester Responsive Ordering System v1.0 Arbitrary Code Execution via File Upload in SourceCodester E-Commerce Website v1.0 Arbitrary Code Execution via File Upload 
in SourceCodester Travel Management System v1.0 SQL Injection Vulnerability in SourceCodester Theme Park Ticketing System v1.0 Arbitrary Code Execution via File Upload in SourceCodester Alumni Management System v1.0 Arbitrary Code Execution via File Upload in SourceCodester Ordering System v1.0 SQL Injection Vulnerability in SourceCodester Alumni Management System v1.0 via id parameter in manage_event.php SQL Injection Vulnerability in SourceCodester Travel Management System v1.0 via catid Parameter in subcat.php BIND IXFR Malformed Packet Vulnerability BIND Denial of Service Vulnerability Vulnerability in BIND Servers with GSS-TSIG Configuration Vulnerability: Crash and Improper Lease Deletion in ISC DHCP BIND 9.16.19, 9.17.16, and 9.16.19-S1 Vulnerability: Assertion Check Failure BIND Vulnerability: Degradation in Resolver Performance due to Flawed Response Processing BIND DNS Server Cache Poisoning Vulnerability Memory Exhaustion Vulnerability in Trend Micro ServerProtect for Linux 3.0 Allows Local Denial-of-Service Memory Exhaustion Vulnerability in Trend Micro ServerProtect for Linux 3.0 Allows Local Denial-of-Service Attack Memory Exhaustion Vulnerability in Trend Micro ServerProtect for Linux 3.0 Memory Exhaustion Vulnerability in Trend Micro Antivirus for Mac 2021 (Consumer) Improper Access Control Vulnerability in Trend Micro Apex One, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 Allows Unauthorized Access to Hotfix History Improper Access Control Vulnerability in Trend Micro Apex One and OfficeScan XG SP1 Improper Access Control Vulnerability in Trend Micro Apex One and OfficeScan XG SP1 Improper Access Control Vulnerability in Trend Micro Apex One, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 Improper Access Control Vulnerability in Trend Micro Apex One and OfficeScan XG SP1 Improper Access Control Vulnerability in Trend Micro Apex One, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 Improper Access Control 
Vulnerability in Trend Micro Apex One, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 Improper Access Control Vulnerability in Trend Micro Apex One and OfficeScan XG SP1 Server-Side Request Forgery (SSRF) Information Disclosure Vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 Improper Access Control Vulnerability in Trend Micro Apex One (On-Prem): Unauthorized Access to Managing Port Information Improper Access Control Information Disclosure Vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 Improper Access Control Vulnerability in Trend Micro Apex One, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 Allows Unauthorized Access to x86 Agent Hotfix Information Improper Access Control Vulnerability in Trend Micro Apex One, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1: Unauthorized Access to x64 Agent Hotfix Information Server-Side Request Forgery (SSRF) Information Disclosure Vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 Improper Access Control Vulnerability in Trend Micro Apex One, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1: Unauthorized Access to Version and Build Information Improper Access Control Vulnerability in Trend Micro Apex One, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1: Unauthorized Patch Level Information Disclosure Improper Access Control Vulnerability in Worry-Free Business Security 10.0 SP1 Allows Unauthorized Access to Configuration Information Improper Access Control Vulnerability in Worry-Free Business Security 10.0 SP1 Improper Access Control Information Disclosure Vulnerability in Trend Micro Products DLL Hijacking Vulnerability in Trend Micro HouseCall for Home Networks Out-of-Bounds Read Information Disclosure Vulnerability in Trend Micro Apex One, OfficeScan XG SP1, and Worry-Free Business Security Privilege Escalation Vulnerability in Trend Micro Apex 
One, OfficeScan XG SP1, and Worry-Free Business Security Privilege Escalation Vulnerability in Trend Micro Apex One and OfficeScan XG SP1 Code Injection Vulnerability in Trend Micro Security 2020 and 2021: Disabling Password Protection and Protection Disabling Memory Exhaustion Vulnerability in Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) Privilege Escalation Vulnerability in Trend Micro Apex One and OfficeScan XG SP1 Yandex Browser for Windows Local Privilege Escalation Vulnerability Yandex Browser for Windows Local Privilege Escalation Vulnerability Arbitrary Code Execution Vulnerability in Sophos Endpoint Products for MacOS Remote Code Execution Vulnerability in Sophos Connect Client (Versions prior to 2.1) Insecure Data Storage Vulnerability in Sophos Authenticator and Intercept X for Mobile Sophos Firewall Webadmin Privilege Escalation XSS Vulnerability XSS Vulnerabilities in Webadmin: Privilege Escalation in Sophos Firewall Unquoted Service Path Vulnerability in Sophos Intercept X Advanced and Sophos Exploit Prevention Arbitrary Code Execution with Administrator Privileges in HitmanPro.Alert (Build 901 and earlier) Arbitrary File Read/Write Vulnerability in HitmanPro (Build 318 and earlier) Stored XSS Vulnerability in Sophos UTM (before version 9.706) Allows Administrator-Level Execution in Quarantined Email Detail View Remote Arbitrary Code Execution in SolarWinds Orion Platform SolarWinds Orion Platform Database Credential Disclosure Vulnerability SolarWinds Serv-U Directory Traversal and Privilege Escalation Vulnerability Cross-Site Scripting (XSS) Vulnerability in FTAPI 4.0 - 4.10 File Submission Component Cross-Site Scripting (XSS) Vulnerability in FTAPI 4.0 - 4.10 Background Image Upload Feature Remote Code Execution via Unauthorized Wheel Modules in SaltStack Salt Directory Traversal Vulnerability in SaltStack Salt's salt.wheel.pillar_roots.write Method Server Side Template Injection Vulnerability in SaltStack Salt 
Credentials Leakage in SaltStack Salt Out-of-Bounds Read Vulnerability in Pillow's J2kDecode Out-of-Bounds Read Vulnerability in Pillow's J2kDecode Heap-based Buffer Overflow in TiffDecode when Decoding Crafted YCbCr Files Negative-offset memcpy with invalid size in TiffDecode.c Out-of-Bounds Read Vulnerability in Pillow's TiffDecode.c Regular Expression Denial of Service (ReDoS) Vulnerability in Pillow PDF Parser Out-of-Bounds Read Vulnerability in Pillow's SGIRleDecode.c Remote Code Execution in OpenCATS through 0.9.5-3 via Unsafe Deserialization Multiple Cross-site Scripting (XSS) Vulnerabilities in OpenCATS through 0.9.5-3 OS Command Injection in Nagios XI version xi-5.7.5 OS Command Injection in Nagios XI version xi-5.7.5 OS Command Injection in Nagios XI version xi-5.7.5 via cloud-vm.inc.php Cross-Site Scripting (XSS) Vulnerability in Nagios XI version xi-5.7.5 Buffer Overflow Vulnerability in Gigaset DX600A v41.00-175: Remote Reboot Exploit Lack of Lockout and Throttling Functionality in Gigaset DX600A v41.00-175 Telnet Administrator Service Remote Command Execution in Belkin Linksys WRT160NL 1.0.04.002_US_20130619 Directory Traversal Vulnerability in HTCondor's condor_credd User Impersonation Vulnerability in HTCondor IDTOKENS Authentication Method Cross-site Scripting (XSS) Vulnerability in Rancher Versions Prior to 2.5.6 Insecure Permissions Vulnerability in hawk2 of SUSE Linux Enterprise High Availability CWE-287: Improper Authentication in SUSE Linux Enterprise Server 15 SP 3 and openSUSE Tumbleweed Insecure Temporary File Vulnerability in s390-tools: Disrupting VM Live Migrations Incorrect Default Permissions Vulnerability in CUPS Packaging of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory Improper Permission Assignment in Rancher Allows Unauthorized Resource Modification Privilege Escalation Vulnerability in openSUSE Factory VirtualBox Improper Access Control in Rancher 
Allows Unauthorized Cloud Provider Requests UNIX Symbolic Link (Symlink) Following Vulnerability in arpwatch: Local Privilege Escalation Privilege Escalation Vulnerability in python-HyperKitty of openSUSE Leap 15.2 and Factory Insecure Password Change Process in MISP 2.4.136 Stored XSS Vulnerability in MISP 2.4.136 Galaxy Cluster View XSS Vulnerability in MISP 2.4.136 via Galaxy Cluster Element Values Incorrect Access Control Vulnerability in Skyworth Digital Technology RN510 V.3.1.0.4: Disclosure of SSID and Web UI Passwords Cross-Site Request Forgery (CSRF) Vulnerability in Skyworth Digital Technology RN510 V.3.1.0.4 Buffer Overflow Vulnerability in Skyworth Digital Technology RN510 V.3.1.0.4: Potential DoS and Code Execution Incomplete Fix for CVE-2020-9484 in Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, and 7.0.0 to 7.0.107 Unauthenticated Provider Hijacking Vulnerability in MobileWips Application (SMR Feb-2021 Release 1) Unauthorized Access to Balance Information in Samsung Pay Mini Application Unauthorized Access to Contacts Information in Samsung Pay Mini Application Unauthorized Access to Balance Information in Samsung Pay Mini Application Denial of Service Vulnerability in Samsung Mobile Devices' Wallpaper Service Cocktailbar Service Vulnerability: Unauthorized Access to Hidden Notification Contents on Lockscreen Improper Access Control in NotificationManagerService on Samsung Mobile Devices Clipboard Service Vulnerability in Samsung Mobile Devices Memory Write Vulnerability in RKP EL2 Memory Region in Samsung Mobile Devices Address Validation Vulnerability in HArx Allows Memory Corruption in Samsung Mobile Devices Improper Access Control Vulnerability in Samsung Keyboard: Arbitrary Settings Modification Unauthenticated Provider Hijacking Vulnerability in S Assistant (prior to version 6.5.01.22) SMP SDK Prior to Version 3.0.9 Vulnerability: Unauthorized Actions and Denial of Service Attack via Provider Hijacking Vulnerability: 
Unauthorized Actions and Denial of Service Attack in Samsung Members Unauthenticated Access to Device Serial Number in knox_custom Service Kernel Panic Vulnerability in hwcomposer: Unsupported Format during Video Format Conversion Arbitrary Memory Overwrite Vulnerability in Quram Library (SMR Jan-2021 Release 1) Allows Arbitrary Code Execution Critical Hijacking Vulnerability in Samsung Email App Prior to SMR Feb-2021 Release 1 Unauthorized Access to Internal Storage in Samsung Internet (CVE-2021-25356) Hijacking PendingIntent Vulnerability in Slow Motion Editor (prior to version 3.5.18.5) Samsung Account Information Exposure Vulnerability Improper Access Control in EmailValidationView in Samsung Account: Unauthorized Account Logout Vulnerability Bixby Voice Implicit Intent Hijacking Vulnerability Hijacking PendingIntent in Galaxy Themes Allows Unauthorized Access to Private File Directories Improper Input Check in Samsung Internet: Exploiting Non-Exported Activity via Malicious Deeplink Hijacking PendingIntent Vulnerability in Samsung Notes (prior to version 4.2.00.22) Improper Caller Check Vulnerability in Managed Provisioning Allows Unauthorized Application Installation and Device Admin Privileges PendingIntent Hijacking Vulnerability in Create Movie App Allows Unauthorized Access to Contact Information Improper Storage of IMSI Values in SMR APR-2021 Release 1: Local Unauthorized Access Vulnerability Local Privilege Escalation Vulnerability in SELinux Policy Arbitrary Code Execution Vulnerability in libswmfextractor Library Improper Access Control Vulnerability in stickerCenter Allows Local Attackers to Read/Write Arbitrary System Files Vulnerability: Improper Permission Management in CertInstaller Allows Untrusted Applications to Delete Local Files Improper Access Control in ActivityManagerService Allows Unauthorized Process Access and File Deletion Secure Folder PendingIntent Hijacking Vulnerability: Unauthorized Access to Contact Information Improper 
Exception Control in softsimd: Unprivileged API Access Vulnerability Bypassing Secret Mode Authentication in Samsung Internet Prior to Version 13.2.1.70 Path Traversal Vulnerability in Samsung Notes: Unauthorized Access to Local Files Samsung Cloud Hijacking Vulnerability: Intercepting Provider Execution in Versions Prior to 4.7.0.3 Improper Access Control Vulnerability in sec_log File Exposes Sensitive Kernel Information File Descriptor Handling Vulnerability in DPU Driver Prior to SMR Mar-2021 Release 1 Arbitrary ELF Library Loading Vulnerability in DSP Driver Boundary Check Vulnerability in DSP Driver: Out-of-Bounds Memory Access Hijacking Vulnerability in Customization Service Prior to Android R(11.0) Improper Authorization Vulnerability in Samsung Members samsungrewards Scheme Allows Unauthorized Access to User Data Predictable Index Vulnerability in Samsung Email Allows Remote Access to Attachments Improper Synchronization Logic in Samsung Email Allows Plain Text Message Leakage Intent Redirection Vulnerability in Samsung Experience Service Remote Denial of Service Vulnerability in SmartThings (prior to version 1.7.63.6) due to Improper Access Control Intent Redirection Vulnerability in Gallery Prior to Version 5.4.16.1: Exploiting Privileged Actions Bixby Prior to Version 3.0.53.02 Vulnerability: Unauthorized Execution of User-Registered Actions Hijacking Vulnerability in Samsung Account PendingIntent Debugging Command Vulnerability in Secure Folder Allows Unauthorized Access to Contents Arbitrary Code Execution Vulnerability in libsapeextractor Library Arbitrary Code Execution Vulnerability in libsdffextractor Library Arbitrary Code Execution Vulnerability in libsdffextractor Library Arbitrary Code Execution Vulnerability in libsdffextractor Library Arbitrary Code Execution Vulnerability in libsflacextractor Library Arbitrary App Installation Vulnerability in Knox Core prior to SMR MAY-2021 Release 1 S Secure Vulnerability: Unauthorized Access to Locked 
Apps without Authentication Intent Redirection Vulnerability in PhotoTable: Exploiting Privileged Actions Intent Redirection Vulnerability in Secure Folder: Exploiting Privileged Actions Improper Protection of Backup Path Configuration in Samsung Dex: Local Attackers Exploit Vulnerability to Access Sensitive Information Local Privilege Escalation in SecSettings: Exploiting Improper Sanitization of Incoming Intent Race Condition Exploit in MFC Charger Driver: Arbitrary Write via Use After Free Vulnerability Race Condition Vulnerability in MFC Charger Driver Allows Signature Check Bypass Arbitrary Memory Write and Code Execution Vulnerability in NPU Firmware Improper Access Control Vulnerability in TelephonyUI Allows Arbitrary File Writing Intent Redirection Vulnerability in Bixby Voice: Unauthorized Access to Contacts File Access Vulnerability in Smart Manager prior to version 11.0.05.0 Intent Redirection Vulnerability in Samsung Internet: Privileged Action Execution Intent Redirection Vulnerability in Samsung Health Prior to Version 6.16: Exploiting Privileged Actions Samsung Notes Information Exposure Vulnerability Intent Redirection Vulnerability in Samsung Account Allows Unauthorized Access to Contacts and File Provider SmartThings Information Exposure Vulnerability: Unauthorized Access to User Information via Log Improper Access Control Vulnerability in Samsung Notes Allows Unauthorized File Access Gear S Plugin Information Exposure Vulnerability Arbitrary Memory Write Vulnerability in NPU Driver Prior to SMR JUN-2021 Release 1 Buffer Overflow Vulnerability in NPU Driver: Arbitrary Memory Write and Code Execution Notification Spoofing Vulnerability Arbitrary File Access Vulnerability in CallBGProvider Prior to SMR JUN-2021 Release 1 Address Validation Vulnerability in RKP API Prior to SMR JUN-2021 Release 1: Exploiting Read-Only Kernel Memory Write Access Improper Access Control Vulnerability in GenericSSOService Allows Local Attackers to Execute Protected 
Activity with System Privilege via Untrusted Applications Unsanitized Intent Vulnerability in Samsung Contacts Allows Unauthorized Data Access Arbitrary File Copy/Overwrite Vulnerability in Samsung Contacts Improper Address Validation in RKP Allows Local Attackers to Remap EL2 Memory as Writable Improper Address Validation in RKP Allows Creation of Executable Kernel Page Outside Code Area Unauthorized Access to Internal Storage in SDP SDK Prior to SMR JUN-2021 Release 1 Improper Component Protection Vulnerability in Samsung Internet: Arbitrary Activity Execution URL Spoofing Vulnerability in Samsung Internet Prior to Version 14.0.1.62 Wi-Fi Password Leakage Vulnerability in Galaxy Watch PlugIn Wi-Fi Password Leakage Vulnerability in Galaxy Watch3 PlugIn Wi-Fi Password Leakage Vulnerability in Watch Active PlugIn Wi-Fi Password Leakage Vulnerability in Watch Active2 PlugIn Critical Bluetooth Takeover Vulnerability in Tizen bluetooth-frwk Improper Check Vulnerability in Samsung Health: Unauthorized Access to Internal Cache Data Improper Component Protection Vulnerability in Samsung Message App Allows Unauthorized Access to Message Files Unauthenticated Access to Paired Device Information via SQL Injection in Bluetooth (SMR July-2021 Release 1) Untrusted Applications Exploit Dangerous Permissions in PackageManager Vulnerability Bluetooth Privilege Escalation Vulnerability Bluetooth Application Vulnerability: Unauthorized Access to Bluetooth Information Improper Access Control Vulnerability in Cameralyzer Samsung Members Information Exposure Vulnerability Tizen Factory Reset Policy Vulnerability: Unauthorized Factory Reset via dbus Signal Arbitrary Code Execution Vulnerability in Tizen Bootloader Prior to JUL-2021 Firmware Update Arbitrary Code Execution Vulnerability in Tizen Bootloader Prior to JUL-2021 Firmware Update Arbitrary Code Execution Vulnerability in Tizen FOTA Service via Samsung Accessory Protocol Arbitrary Code Execution Vulnerability in Tizen FOTA 
Service Prior to JUL-2021 Firmware Update Local File Inclusion Vulnerability in Samsung Members App Improper Access Control Vulnerability in Samsung Members App Allows Arbitrary Webpage Loading FactoryCameraFB: Improper Access Control Vulnerability AR Emoji Editor Arbitrary File Access Vulnerability KME Module Vulnerability: Bypassing Knox Manage Authentication Use After Free Vulnerability in conn_gadget Driver: Exploiting SMR AUG-2021 Release 1 IV Reuse Vulnerability in Keymaster: Decryption of Custom Keyblob with Privileged Process Unprotected Component Vulnerability: Unauthorized Access to Internal Files in Samsung Internet Arbitrary Webpage Loading Vulnerability in SmartThings Local File Inclusion Vulnerability in SmartThings (prior to version 1.7.67.25) Allows Untrusted Applications to Access Webview Arbitrary Webpage Loading Vulnerability in Smart Touch Call Arbitrary Code Execution Vulnerability in libsapeextractor Library Path Traversal Vulnerability in FactoryAirCommnadManger: Remote File Write via Socket IMSI Data Exposure: PendingIntent Hijacking Vulnerability in NetworkPolicyManagerService Improper Input Validation Vulnerability in DSP Driver Allows Permanent Denial of Service Improper Access Control in Bluetooth APIs: Untrusted Application Access to Bluetooth Information Remote DoS Vulnerability in libsaacextractor.so Library Arbitrary Address Access Vulnerability in libsaviextractor.so Library Arbitrary Address Execution via OOB Read Vulnerability in libswmfextractor.so Improper Input Validation Vulnerability in DSP Driver Allows Local Attackers to Obtain Limited Kernel Memory Information Memory Corruption Exploit: NULL Pointer Dereference Vulnerability in ION Driver Improper Access Control Vulnerability in sspInit() in BlockchainTZService Improper Access Control Vulnerability in sspExit() Allows Attackers to Terminate BlockchainTZService Stack-Based Buffer Overflow in APAService prior to SMR Sep-2021 Release 1 due to Improper Length Check SMR 
Sep-2021 Release 1 NPU Driver Vulnerability: NULL Pointer Dereference Leading to Memory Corruption Arbitrary Webpage Loading Vulnerability in PENUP (prior to version 3.8.00.18) Sensitive Information Leak Vulnerability in SamsungCapture 4.8.02 and Earlier Samsung Themes Vulnerability: Improper Scheme Check Enables Man-in-the-Middle Attack Samsung Internet Vulnerability: Man-in-the-Middle Attack Exploiting Improper Scheme Check Privilege Escalation via Buffer Overflow in Vision DSP Kernel Driver Widevine Trustlet Vulnerability: Arbitrary Memory Address Read Stack-Based Buffer Overflow Vulnerability in Widevine Trustlet Allows Arbitrary Code Execution Improper Caller Check Logic Vulnerability in TEEGRIS Secure OS Replay Attack Vulnerability in Security Mode Command Process: Denial of Service and Battery Depletion Risk Improper Access Control Vulnerability in BluetoothSettingsProvider: Untrusted Applications Can Overwrite Bluetooth Information Improper Exception Handling in SystemUI Allows Permanent Denial of Service Before Factory Reset Improper Exception Handling in SystemUI Allows Permanent Denial of Service Before Factory Reset Heap-Based Buffer Overflow Vulnerability in DSP Kernel Driver Prior to SMR Oct-2021 Release 1 Widevine TA Log Information Disclosure Vulnerability Mediatek RRC Protocol Stack Vulnerability: Modem Crash and Remote Denial of Service Exynos CP Chipset Stack-Based Buffer Overflow Vulnerability: Arbitrary Memory Write and Code Execution Exynos CP Chipset Heap-Based Buffer Overflow Vulnerability Allowing Arbitrary Memory Write and Code Execution Remote Denial of Service Vulnerability in Qualcomm Modem: Lack of Replay Attack Protection in GUTI REALLOCATION COMMAND Message Process Exynos CP Booting Driver Vulnerability: Bypassing Secure Memory Protector CMFA Framework Prior to SMR Oct-2021 Release 1: SQL Injection Vulnerability Allows Unauthorized Information Overwrite Out-of-Bounds Read Vulnerability in livfivextractor Library Touch Event 
Monitoring Vulnerability in InputManagerService Path Traversal Vulnerability in FactoryAirCommnadManger: Unauthorized File Write via BT Remote Socket Information Leakage Vulnerability in ipcdump Prior to SMR Oct-2021 Release 1 Buffer Overflow Vulnerability in Modem Interface Driver (SMR Oct-2021 Release 1) Out-of-Bounds Read Vulnerability in Modem Interface Driver's recv_data() Function Format String Bug in Modem Interface Driver: Vulnerability Exploitation via Radio Permission Keymaster Keyblob Downgrade Attack: Exploiting IV Reuse Vulnerability in Pre-SMR Oct-2021 Release 1 Memory Corruption Vulnerability in MFC Driver: NULL-Pointer Dereference Out-of-Bounds Read Vulnerability in Samsung Notes Library Out-of-Bounds Read Vulnerability in Samsung Notes Library Buffer Overflow Vulnerability in libSPenBase Library of Samsung Notes Heap Buffer Overflow Vulnerability in libSPenBase Library of Samsung Notes Buffer Overflow Vulnerability in maetd_dec_slice of libSPenBase Library in Samsung Notes Buffer Overflow Vulnerability in maetd_cpy_slice of libSPenBase Library in Samsung Notes Buffer Overflow Vulnerability in maetd_eco_cb_mode of libSPenBase Library in Samsung Notes Intent Redirection Vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store HDCP LDFW Vulnerability: Overwriting TZASC for TEE Compromise Improper Access Control Vulnerability in SCloudBnRReceiver Allows Untrusted Application to Call Protected Providers Insecure Storage of Sensitive Information in Property Settings: Unauthorized Access to ESN Value Arbitrary Code Execution Vulnerability in HDCP (SMR Nov-2021 Release 1) Intent Redirection Vulnerability in Group Sharing: Unauthorized Access to Contact Information Samsung Pass Vulnerability: Unauthorized App Access without Authentication Samsung Health Prior to 6.19.1.0001 Vulnerability: Non-existent Provider Access and Denial of Service Unauthorized Access to Secure Folder Notifications in Samsung Flow Mobile Application API Key Privilege 
Escalation Vulnerability in SmartThings (prior to 1.7.73.22) Arbitrary File Overwrite Vulnerability in Samsung Flow Windows Application Improper Validation Vulnerability in FilterProvider Allows Local Arbitrary Code Execution Arbitrary File Write Vulnerability in FilterProvider (SMR Dec-2021 Release 1) Telephony Improper Validation Vulnerability in SMR Dec-2021 Release 1 Unauthorized Access to Device Data on Lockscreen in Apps Edge Application Improper Intent Redirection Handling in Tags: Accessing Sensitive Information Vulnerability Improper Implicit Intent Usage in SemRewardManager Allows Unauthorized Access to BSSID Location Tracking Vulnerability in Exynos Baseband Arbitrary Code Execution Vulnerability in LDFW Prior to SMR Dec-2021 Release 1 Arbitrary Memory Write and Code Execution Vulnerability in LDFW and BL31 Improper Access Control Vulnerability in CPLC Prior to SMR Dec-2021 Release 1 Insecure Caller Check and Input Validation Vulnerabilities in SearchKeyword Deeplink Logic Insecure Caller Check Vulnerability in Samsung Internet 16.0.2 Insecure Storage of Sensitive Images in Smart Capture: Unauthorized Access Vulnerability Samsung Dialer Vulnerability: Unauthorized Access to Samsung Account ID Samsung Contacts App Vulnerability: Unauthorized Access to Samsung Account ID NFC Bypass Vulnerability in Samsung Pay (US only) prior to version 4.0.65 Intent Redirection Vulnerability in Samsung Blockchain Wallet: Privileged Action Execution Unauthenticated Access to Bill Pay and Recharge Menu in Samsung Pay (India) Prior to Version 4.1.77 Privilege Escalation Vulnerability in loolforkit Denylist Bypass Vulnerability in LibreOffice 7-1 and 7-0 Series Improper Certificate Validation in LibreOffice Allows Manipulation of Digital Signatures Improper Certificate Validation in LibreOffice Allows Bogus Signature Timestamp Insertion Improper Certificate Validation in LibreOffice 7.2 versions prior to 7.2.5 Apache Dubbo Open Redirect and SSRF Vulnerability Dubbo Server 
Serialization ID Tampering Vulnerability Arbitrary Command Execution in Apache Hadoop YARN's ZKConfigurationStore Credentials Leakage in Couchbase Server Authentication Information Leakage in Couchbase Server REST API Credential Leakage in Couchbase Server Arbitrary Code Execution in Apache Druid Stored XSS Vulnerability in Testes de Codigo Mobile Application v11.3 and Prior Vulnerability: Unauthorized Access to Administrative Interface and Premium Features in Testes de Codigo Mobile Application Information Disclosure Vulnerability in Avaya Aura Utility Services: Unauthorized Access to System Functionality and Configuration Avaya Aura Utility Services Privilege Escalation Vulnerability Avaya Aura Utility Services Privilege Escalation Vulnerability Local User Information Disclosure Vulnerability in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) Avaya Aura Appliance Virtualization Platform Utilities Privilege Escalation Vulnerability Arbitrary Code Execution Vulnerability in Avaya Aura Device Services (Versions 7.0-8.1.4.0) URL Redirection Vulnerability in Avaya Aura Experience Portal Service Menu Component Stored XSS Injection Vulnerabilities in Avaya Aura Experience Portal Web Management Privilege Escalation Vulnerability in Avaya IP Office Admin Lite and USB Creator Denial-of-Service Vulnerability in Automation License Manager Out-of-Bounds Memory Access Vulnerability in SIMATIC HMI and WinCC Runtime Out-of-Bounds Memory Access Vulnerability in SIMATIC HMI and WinCC Runtime Denial-of-Service Vulnerability in SIMATIC HMI and WinCC Runtime Software IPv6 Extension Header Length Validation Vulnerability IPv6 Hop-by-Hop Extension Header Length Field Vulnerability Out-of-Bounds Write Vulnerability in Simcenter STAR-CCM+ Viewer (ZDI-CAN-13700) ARP Packet Denial-of-Service Vulnerability in SCALANCE W780 and W740 (IEEE 802.11n) Family Stack-Based Buffer Overflow Vulnerability in RUGGEDCOM and SCALANCE Devices Allows for Remote Code Execution Heap Write 
Out-of-Bounds Vulnerability in SCALANCE X-Series Devices Stack Overflow Vulnerability in SCALANCE X Series Network Devices Out-of-Bounds Write Vulnerability in Tecnomatix RobotExpert (ZDI-CAN-12608) ARP Packet Denial-of-Service Vulnerability in RWG1.M12 and RWG1.M8 (All versions < V1.16.16) Account Takeover Vulnerability in Mendix Forgot Password Appstore Module (All Versions < V3.2.1) Denial-of-Service Vulnerability in SIMATIC S7-PLCSIM V5.4 Denial-of-Service Vulnerability in SIMATIC S7-PLCSIM V5.4 Denial-of-Service Vulnerability in SIMATIC S7-PLCSIM V5.4 Multiple Failed SSH Authentication Attempts Vulnerability Leading to Temporary Denial-of-Service and Automatic Reboot Vulnerability: DNS Transaction ID Randomization Issue Out-of-Bounds Write Vulnerability in Solid Edge SE2020 and SE2021 (ZDI-CAN-12529) Vulnerability: Authenticated Stored XSS in AdTran Personal Phone Manager Software Vulnerability: Reflected Cross-Site Scripting (XSS) in AdTran Personal Phone Manager Software AdTran Personal Phone Manager 10.8.1 Software DNS Exfiltration Vulnerability Improper Parsing of /proc/pid/status File in get_pid_info() Function Improper Parsing of /proc/pid/stat File in get_starttime() Function FIFO Hanging Read Vulnerability in Apport Sensitive Password Logging in Teradici PCoIP Agents Remote Code Execution Vulnerability in Teradici PCoIP Soft Client Null Pointer Dereference Vulnerability in Teradici PCoIP Soft Client Insecure Logging of Sensitive Smart Card Data in Teradici's PCoIP Connection Manager and Security Gateway Null Pointer Dereference Vulnerability in Teradici PCoIP Agent Insecure DLL Validation in Teradici PCoIP Graphics Agent for Windows prior to 21.03 Privilege Escalation Vulnerability in Teradici PCOIP Software Agent's USB vHub Privilege Escalation Vulnerability in Teradici PCoIP Standard Agent Privilege Escalation Vulnerability in Teradici PCoIP Software Client Denial of Service Vulnerability in fUSBHub Driver of PCoIP Software Client Vulnerability: 
Bypassing Validating Admission Webhook for Node Updates in kube-apiserver Kube-proxy Vulnerability: Unintentional Traffic Forwarding to Local Processes Vulnerability: Pod Traffic Redirection to Private Networks in Kubernetes Kubernetes Java Client Library YAML Code Execution Vulnerability Kubernetes Vulnerability: Exploiting Confused Deputy Attack for Unauthorized Network Traffic Kubernetes Subpath Volume Mount Vulnerability Ingress-nginx Vulnerability: Unauthorized Access to Cluster Secrets via Custom Snippets Unsanitized Output Vulnerability in kubectl Ingress-nginx Vulnerability: Unauthorized Access to Ingress Controller Credentials Ingress-nginx Controller Credential Exposure Vulnerability Ingress-nginx Credential Exposure via Newline Bypass Privilege Escalation Vulnerability in Windows Container Workloads Session ID Exposure Vulnerability in JetBrains Code With Me Insecure HTTP Links in JetBrains IntelliJ IDEA: A Vulnerability Open Redirect Vulnerability in JetBrains Hub before 2020.1.12629 Insecure Deserialization in JetBrains IntelliJ IDEA: Local Code Execution Vulnerability Authentication Bypass Vulnerability in JetBrains Hub Allows Unauthorized Deletion of 2FA Settings Information Disclosure Vulnerability in JetBrains Hub Public API Birthday Attack Vulnerability in JetBrains Ktor SessionStorage Key HTTP Request Smuggling Vulnerability in JetBrains Ktor before 1.4.3 Default Weak Cipher Suites Enabled in JetBrains Ktor before 1.4.2 Code Injection Vulnerability in JetBrains PhpStorm before 2020.3 CSRF Vulnerability in JetBrains YouTrack before 2020.4.4701 via Attachment Upload Improper Resource Access Checks in JetBrains YouTrack before 2020.4.4701 Disclosure of Issue Existence in JetBrains YouTrack via Command Execution Improper Permissions Checking in JetBrains YouTrack Allows Unauthorized Attachment Actions YouTrack Administrator Attachment Access Vulnerability Server-Side Template Injection (SSTI) Vulnerability in JetBrains YouTrack before 2020.5.3123 
Project Information Disclosure Vulnerability in JetBrains YouTrack Server Integration DoS Vulnerability in JetBrains TeamCity Reflected XSS Vulnerability in JetBrains TeamCity (pre-2020.2) GitHub Access Token Exposure in JetBrains TeamCity User Access Token Vulnerability in JetBrains TeamCity Exposure of ECR Token in JetBrains TeamCity Builds Parameters Improper Permission Check during Token Removal in JetBrains TeamCity (CVE-2020-26259) Improper Permission Checking in JetBrains TeamCity User Deletion SQL Injection Vulnerability in Baby Care System v1.0 via 'id' Parameter on contentsectionpage.php Arbitrary File Upload Vulnerability in Baby Care System 1.0 Allows Remote Command Execution Blind SQL Injection Vulnerability in Taocms v2.5Beta5's Article Search Function Blind SQL Injection Vulnerability in Taocms v2.5Beta5's Edit Article Function Cross-Site Scripting (XSS) Vulnerability in Taocms v2.5Beta5 via Component Management Column Remote Code Execution Vulnerability in QPDF 10.0.4 Multiple Stored XSS Vulnerabilities in House Rental and Property Listing 1.0 Register Module Stored XSS Vulnerabilities in Update Profile Module of Online Doctor Appointment System 1.0 Buffer Overflow Vulnerability in VideoLAN VLC Media Player 3.0.11's __Parse_indx Component Buffer Overflow Vulnerability in AVI_ExtractSubtitle Component of VideoLAN VLC Media Player 3.0.11 Out-of-Bounds Read Vulnerability in VideoLAN VLC Media Player 3.0.11 via Crafted .avi File NULL-pointer dereference vulnerability in Open function in avi.c of VideoLAN VLC Media Player 3.0.11 leading to denial of service (DOS) Arbitrary Code Execution Vulnerability in Bludit 3.13.1 Backup Plugin Physical Path Leakage Vulnerability in UCMS 1.5.0 XSS Vulnerability in MERCUSYS Mercury X18G 1.0.5 Devices via Crafted Values in 'src_dport_start', 'src_dport_end', and 'dest_port' Parameters Denial of Service Vulnerability in MERCUSYS Mercury X18G 1.0.5 Devices China Mobile An Lianbao WF-1 1.01 Command Injection Vulnerability 
Emby Server < 4.7.12.0 Login Bypass Vulnerability Emby Server < 4.6.0.50 XSS Vulnerability via Crafted GET Request Denial of Service Vulnerability in ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3 Remote Code Execution Vulnerability in ONLYOFFICE DocumentServer Remote Code Execution Vulnerability in ONLYOFFICE DocumentServer Heap Buffer Overflow Vulnerability in BMP Image Processing of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0 Arbitrary File Overwriting and Remote Code Execution in ONLYOFFICE DocumentServer Transaction Replay Vulnerability in Cosmos Network Ethermint <= v0.4.0 EVM Module Cross-Chain Transaction Replay Vulnerability in Cosmos Network Ethermint <= v0.4.0 Cache Lifecycle Inconsistency in Cosmos Network Ethermint <= v0.4.0: Exploitable Honeypot Contract Vulnerability Cache Lifecycle Inconsistency in Cosmos Network Ethermint <= v0.4.0: Enabling Arbitrary Mint Token Attacks Cross-Site Scripting (XSS) Vulnerability in MintHCM RELEASE 3.0.8 Import Function Weak Password Requirement Vulnerability in MintHCM RELEASE 3.0.8 Denial of Service Vulnerability in Moxa Camera VPort 06EC-2V Series Denial of Service Vulnerability in Moxa Camera VPort 06EC-2V Series Information Disclosure Vulnerability in Moxa Camera VPort 06EC-2V Series Information Disclosure Vulnerability in Moxa Camera VPort 06EC-2V Series Integer Underflow Vulnerability in Moxa Camera VPort 06EC-2V Series File Deletion Vulnerability in pcmt superMicro-CMS 3.11 via Crafted Image File Arbitrary Code Execution Vulnerability in pcmt superMicro-CMS 3.11 Default Password Vulnerability in Open5GS 2.1.3 Arbitrary File Fetch Vulnerability in node-red-contrib-huemagic 3.0.0 SQL Injection Vulnerability in AVideo/YouPHPTube 10.0 and Prior Reflected Cross-Site Scripting Vulnerabilities in AVideo/YouPHPTube 10.0 and Prior Reflected Cross-Site Scripting Vulnerabilities in AVideo/YouPHPTube 10.0 and Prior Insecure File Write Vulnerability in AVideo/YouPHPTube 10.0 and Prior Reflected Cross-Site Scripting 
Vulnerabilities in AVideo/YouPHPTube 10.0 and Prior Stored Cross-Site Scripting (XSS) Vulnerability in Magnolia CMS 6.1.3 to 6.2.3 Stored Cross-Site Scripting (XSS) Vulnerability in Magnolia CMS 6.1.3 - 6.2.3 Unencrypted Password Storage in Void Aural Rec Monitor 9.0.0.1 Blind Time-Based SQL Injection in Void Aural Rec Monitor 9.0.0.1 Heap-based Buffer Overflow in SmallVec::insert_many Data Race Vulnerability in Rust's Lazy-Init Crate Double Drop Panic Vulnerability in glsl-layout Crate Dereferencing Raw Pointer Vulnerability in Cache Crate Dereferencing Raw Pointer Vulnerability in av-data Crate Uninitialized Memory Read Vulnerability in bra crate Double Drop Vulnerability in basic_dsp_matrix Crate Double Drop Panic Vulnerability in Containers Crate Double Free Vulnerability in fil-ocl Crate Denial of Service Vulnerability in ZIV Automation 4CCT-EA6-334126BF Firmware Version 3.23.80.27.36371 Cookie Parameter Authentication Bypass Vulnerability in ZIV AUTOMATION 4CCT-EA6-334126BF Critical Prototype Pollution Vulnerability in 'dotty' Versions 0.0.1 - 0.1.0: Remote Code Execution and Denial of Service Prototype Pollution Vulnerability in 'set-or-get' Version 1.0.0 through 1.2.10: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in 'object-collider' Versions 1.0.0 - 1.0.3: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in 'changeset' Versions 0.0.1 - 0.2.5: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in 'patchmerge' Versions 1.0.0 - 1.0.1: Denial of Service and Remote Code Execution Stored Cross-Site Scripting (XSS) Vulnerability in OpenEMR Versions 5.0.2 to 6.0.0 Stored Cross-Site Scripting (XSS) Vulnerability in OpenEMR 5.0.2 to 6.0.0 Stored Cross-Site Scripting (XSS) Vulnerability in OpenEMR Versions 5.0.2 to 6.0.0 OpenEMR Improper Access Control Vulnerability: Unauthorized Message Reading and Sending Stored Cross-Site Scripting (XSS) Vulnerability in OpenEMR 
Versions 2.7.3-rc1 to 6.0.0 Reflected Cross-Site Scripting (XSS) Vulnerability in OpenEMR 4.2.0 to 6.0.0 Weak Password Requirements in OpenEMR Versions 5.0.0 to 6.0.0.1 Allow for Account Takeover CSRF Vulnerability in GoCD Versions 19.6.0 to 21.1.0 at /go/api/config/backup Endpoint Stored Cross-Site Scripting (XSS) Vulnerability in SiCKRAGE Versions 4.2.0 to 10.0.11.dev1 Reflected Cross-Site Scripting (XSS) Vulnerability in SiCKRAGE's quicksearch Feature Prototype Pollution Vulnerability in 'safe-flat' Versions 2.0.0 - 2.0.1: Denial of Service and Remote Code Execution Critical Prototype Pollution Vulnerability in 'safe-obj' Versions 1.0.0 - 1.0.2: Remote Code Execution and Denial of Service Stored Cross-Site Scripting Vulnerability in OpenNMS Horizon and OpenNMS Meridian CSRF Vulnerability in OpenNMS Horizon and OpenNMS Meridian CSRF Vulnerability in OpenNMS Horizon and OpenNMS Meridian Stored Cross-Site Scripting Vulnerability in OpenNMS Horizon and OpenNMS Meridian Stored Cross-Site Scripting Vulnerability in OpenNMS Horizon and OpenNMS Meridian Stored Cross-Site Scripting Vulnerability in OpenNMS Horizon and OpenNMS Meridian Stored Cross-Site Scripting Vulnerability in OpenNMS Horizon and OpenNMS Meridian ArangoDB Cross-Site Scripting (XSS) Vulnerability ArangoDB SSRF Vulnerability in Foxx Service Download Feature ArangoDB Insufficient Session Expiration Vulnerability Prototype Pollution Vulnerability in 'deep-override' Versions 1.0.0 - 1.0.1: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in '101' Versions 1.0.0 - 1.6.3: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in 'deep-defaults' Versions 1.0.0 - 1.0.5: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in 'js-extend' Versions 0.0.1 - 1.0.1: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in nconf-toml 0.0.1 - 0.0.2: Denial of Service and Remote Code Execution Prototype Pollution 
Vulnerability in 'nestie' Versions 0.0.0 through 1.0.0: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in 'expand-hash' Versions 0.1.0 through 1.0.1: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in 'set-getter' Version 0.1.0: Denial of Service and Remote Code Execution Denial of Service Vulnerability in XML2Dict 0.2.2 Prototype Pollution Vulnerability in 'just-safe-set' Versions 1.0.0 - 2.2.1: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in 'putil-merge' Versions 1.0.0 through 3.6.6: Denial of Service and Remote Code Execution Unrestricted Access to Private Note Modification in Dolibarr Application Stored XSS Vulnerability in Dolibarr ERP CRM WYSIWYG Editor Module Allows Account Takeover and Privilege Escalation Account Takeover Vulnerability in Dolibarr Application Account Takeover via Password Reset Functionality in Dolibarr Application Sensitive Table Information Leakage in Apache Ofbiz Reflected Cross-site Scripting (XSS) Vulnerability in OpenCRX Password Reset Functionality CSV Injection Vulnerability in SuiteCRM Account Takeover Vulnerability in SuiteCRM Formula Injection Vulnerability in Shuup Application Reflected Cross-Site Scripting (XSS) Vulnerability in Shuup Versions 1.6.0 - 2.10.8 Stored XSS Vulnerability in Calibre-web Application CSRF Vulnerability in Calibre-web Allows Unauthorized User Role Creation and Application Takeover Improper Session Termination Vulnerability in Orchard Core CMS Stored XSS Vulnerability in CKAN via SVG Profile Picture Upload Stored XSS Vulnerability in OpenCMS Sitemap Functionality Stored XSS Vulnerability in Camaleon CMS Application Session Hijacking Vulnerability in Camaleon CMS 0.1.7 to 2.6.0 Uncaught Exception Vulnerability in Camaleon CMS Media Upload Feature Camaleon CMS 2.1.2.0 to 2.6.0 - Server-Side Request Forgery (SSRF) in Media Upload Feature Improper Access Control in Publify Allows Unauthorized Self-Registration 
Stored XSS Vulnerability in Publify Versions v8.0 to v9.2.4 Unrestricted File Upload Vulnerability in Publify v8.0 to v9.2.4 Allows for Stored XSS CSRF Vulnerability in PiranhaCMS: Unauthorized Actions via Known ID Stored XSS Vulnerability in PiranhaCMS Versions 7.0.0 to 9.1.1: Improper Sanitization of Page Titles Stored XSS Vulnerability in Apostrophe CMS Versions 2.63.0 to 3.3.1 via Malicious SVG Upload Apostrophe CMS Prior to 3.3.1: Inadequate Session Invalidation Host Header Injection Vulnerability in Talkyard Insufficient Session Expiration in Talkyard: Admin Privilege Escalation Reflected Cross-Site Scripting (XSS) Vulnerability in Factor Forum Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in Factor Forum Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Factor Forum Plugin Session Hijacking Vulnerability in Factor (App Framework & Headless CMS) Stored Cross-Site Scripting (XSS) Vulnerability in Django-wiki Notifications Section Stored XSS Vulnerability in Hexo Versions 0.0.1 to 5.4.0 Stored XSS Vulnerability in ifme Versions 1.0.0 to v7.31.4 via Ally Request in Notifications Section Stored XSS Vulnerability in ifme Markdown Editor Self-Stored XSS Vulnerability in ifme Contacts Field Allows Loading XSS Payloads via Iframe Improper Access Control Vulnerability in Ifme: Admin Self-Ban and Account Deactivation Session Hijacking Vulnerability in Ifme Versions 1.0.0 to v.7.33.2 Stored XSS Vulnerability in Requarks wiki.js Allows Account Takeover Host Header Injection Vulnerability in Userfrosting: Account Takeover via Forgot Password Functionality XSS Vulnerability in Nagios XI 5.8.0 Favorites Component Insecure Direct Object Reference vulnerability in Nagios XI 5.8.0 Favorites Component User Mode Write Access Violation in ACDSee Professional 2021 14.0 1721 via Crafted BMP Image User Mode Write Access Violation in ACDSee Professional 2021 14.0 1721 via Crafted BMP Image Unauthenticated Category Change Vulnerability in Joomla! 
3.0.0 through 3.9.24 Arbitrary File Write Vulnerability in Joomla! 3.0.0 through 3.9.24 Form Content Overwrite Vulnerability in Joomla! 1.6.0 through 3.9.24 XSS Vulnerability in Joomla! Default Templates' Logo Parameter on Error Page Inadequate Filters in Joomla! Module Layout Settings Lead to Local File Inclusion (LFI) Vulnerability XSS Vulnerability in Joomla! MediaHelper::canUpload Allows HTML Injection CSRF Vulnerability in Joomla! AJAX Reordering Endpoint CSRF Vulnerability in Joomla! com_banners and com_sysinfo Data Download Endpoints XSS Vulnerability in Joomla! JForm API's Rules Field Input Validation Vulnerability in Joomla! Usergroups Table Session Termination Vulnerability in Joomla! CMS Vulnerability: Lack of ACL Checks in Joomla! com_installer Install Action XSS Vulnerability in Joomla! com_media Imagelist View Insecure File Deletion in Joomla! 4.0.0 Media Manager Sensitive Data Exposure in Atlassian Bamboo /chart Endpoint Template Injection Vulnerability in Atlassian Jira Server for Slack Plugin Information Disclosure Vulnerability in Atlassian Jira Server and Data Center Broken Authentication Vulnerability in Atlassian Jira Server and Data Center Jira Server and Data Center CSRF Vulnerability in SetFeatureEnabled.jspa Resource Blind Server-Side Request Forgery (SSRF) Vulnerability in WidgetConnector Plugin Authentication Bypass in Atlassian Connect Express (ACE) Versions 3.0.2 - 6.6.0 Authentication Bypass in Atlassian Connect Spring Boot (ACSB) Information Disclosure Vulnerability in Jira Importers Plugin Allows Path Disclosure Insecure Cookie Handling in Jira Editor Plugin Allows User Mode Disclosure Authentication Bypass Vulnerability in Atlassian Connect Spring Boot (ACSB) Cross-Site Scripting (XSS) Vulnerability in Jira Server and Jira Data Center Cross-Site Scripting (XSS) Vulnerability in Jira Server and Jira Data Center Cross-Site Scripting (XSS) Vulnerability in EditworkflowScheme.jspa in Jira Server and Jira Data Center Sensitive Data 
Exposure in Jira Server and Jira Data Center REST API Stored Cross-Site Scripting Vulnerability in Atlassian Jira Server and Jira Data Center Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira Server and Jira Data Center OGNL Injection Vulnerability in Confluence Server and Data Center Pre-Authorization Arbitrary File Read Vulnerability in Atlassian Confluence Server Path Traversal Vulnerability in Atlassian Jira Server and Data Center FSSO Collector Version 5.0.295 and Below: Improper Authentication Vulnerability Privilege Escalation via Improper Symlink Following in FortiClient for Mac 6.4.3 and Below Memory Exhaustion Vulnerability in FortiMail Webmail Reflected Cross-site Scripting (XSS) Vulnerability in FortiOS and FortiProxy Session Management Vulnerability in FortiMail 6.4.0 - 6.4.4 and 6.2.0 - 6.2.6 Heap-based Buffer Overflow in FortiSandbox Command Shell Command Injection Vulnerability in FortiSandbox Web GUI Predictable Session IDs in FortiSandbox RPC API Cryptographic Vulnerability in FortiMail Identity-Based Encryption Service Identity-Based Encryption Vulnerability in FortiMail Cross-Site Request Forgery (CSRF) Vulnerability in FortiProxy and FortiGate SSL VPN Portal Multiple OS Command Injection Vulnerabilities in Fortinet Products Command Injection Vulnerability in FortiAP's Console (Versions 6.2.4 - 6.2.5 and 6.4.1 - 6.4.5) Improper Access Control Vulnerability in FortiManager: Unauthorized Modification of VPN Tunnel Status FortiOS SSLVPN Vulnerability: Retrieval of Hard-Coded Cryptographic Key through Reverse Engineering Integer Overflow Vulnerability in FortiOS SSLVPN Memory Allocator Privilege Escalation Vulnerability in FortiOS Autod Daemon and FortiProxy Memory Exhaustion Vulnerability in FortiSwitch Stack-based Buffer Overflow Vulnerabilities in FortiWAN Network Daemons and Command Line Interpreter Predictable Salt Vulnerability in FortiWAN before 4.5.9 SQL Injection Vulnerabilities in FortiWAN before 4.5.9 Command Injection 
Vulnerability in FortiAuthenticator Vulnerability: Anonymous Access Bypass in ActiveMQ LDAP Login Module OpenWire Protocol Advisory Message Bypass Vulnerability in Apache ActiveMQ Artemis 2.15.0 Sandbox Escape Vulnerability in Smarty before 3.1.39 Code Injection Vulnerability in Smarty before 3.1.39 via Unexpected Function Name Cross-Site Scripting (XSS) Vulnerability in LivingLogic XIST4C before 0.107.8 via feedback.htm or feedback.wihtm Cross-Site Scripting (XSS) Vulnerability in LivingLogic XIST4C before 0.107.8 via login pages Heap-use-after-free vulnerability in ecma_is_lexical_environment in JerryScript 2.4.0 Heap Buffer Overflow in lexer_parse_number in JerryScript 2.4.0 SEGV Vulnerability in JerryScript 2.4.0: main_print_unhandled_exception in main-utils.c SEGV Vulnerability in JerryScript 2.4.0: ecma_deref_bigint in ecma-helpers.c Heap-use-after-free vulnerability in JerryScript 2.4.0: ecma_bytecode_ref in ecma-helpers.c SQL Injection Vulnerability in Library System 1.0 Allows Unauthorized Access as Admin User SQL Injection Vulnerability in CASAP Automated Enrollment System 1.0 Login Panel Allows for Admin Panel Access Cross-Site Request Forgery (CSRF) Vulnerability in SeedDMS 5.1.x's out.EditDocument.php Cross-Site Request Forgery (CSRF) Vulnerability in SeedDMS 5.1.x's out.EditFolder.php Out-of-Bounds Write Vulnerability in ezxml_toxml Function Out-of-Bounds Write Vulnerability in ezXML's ezxml_new Function Out-of-Bounds Write Vulnerability in ezXML's ezxml_new Function SQL Injection Vulnerability in SourceCodester CASAP Automated Enrollment System v1.0 via id parameter in view_pay.php Cross-Site Scripting (XSS) Vulnerability in SourceCodester Fantastic-Blog-CMS V 1.0 via search.php SQL Injection Vulnerability in SourceCodester CASAP Automated Enrollment System v1.0 via id parameter in edit_user.php Arbitrary Web Script Injection in SourceCodester CASAP Automated Enrollment System v 1.0 SQL Injection Vulnerability in SourceCodester CASAP Automated 
Enrollment System v1.0 via id parameter in edit_class1.php SQL Injection Vulnerability in SourceCodester CASAP Automated Enrollment System v1.0 via id parameter in edit_stud.php Arbitrary Web Script Injection Vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 SQL Injection Vulnerability in SourceCodester Fantastic Blog CMS v1.0 via category.php SQL Injection Vulnerability in SourceCodester Simple College Website v1.0 User Mode Write Access Violation Vulnerability in FastStone Image Viewer <= 7.5 User Mode Write Access Violation in FastStone Image Viewer <= 7.5 User Mode Write Access Violation Vulnerability in FastStone Image Viewer <= 7.5 Stack-based Buffer Overflow in FastStone Image Viewer v.<= 7.5 CUR File Parsing Functionality User Mode Write Access Violation in FastStone Image Viewer <= 7.5 Cross-Site Scripting (XSS) Vulnerability in Cacti's Password Change Functionality Unauthorized Owner Assignment Vulnerability in Philips MRI 1.5T and MRI 3T Version 5.x.x Denial of Service Vulnerability in Intel(R) Distribution of OpenVINO(TM) Toolkit Heap Buffer Overflow in htmldoc v1.9.12: Arbitrary Code Execution and Denial of Service Vulnerability DUO MFA Bypass Vulnerability in Splunk Enterprise Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Products Critical Unauthenticated Stored XSS Vulnerability in Survey Maker WordPress Plugin (<= 2.0.6) Buffer Overflow Vulnerability in Intel(R) and Killer(TM) Bluetooth Firmware Escalation of Privilege Vulnerability in Intel(R) Killer(TM) Control Center Software Heap Buffer Overflow in htmldoc v1.9.12: Arbitrary Code Execution and Denial of Service Vulnerability Integer Overflow and Heap-Buffer Overflow Vulnerability in OpenEXR's DwaCompressor (Versions before 3.0.1) Unrestricted Access Vulnerability in Philips MRI 1.5T and MRI 3T Version 5.x.x Arbitrary Web Script Injection in Odoo Community and Enterprise Discuss App DeltaV Distributed Control System Controllers 
Denial-of-Service Vulnerability Reseller Bypasses Suspension Lock in cPanel (SEC-578) Bypassing Suspension in cPanel (SEC-579) CKEditor 4 before 4.16 Vulnerability: ReDoS Attack via Crafted Text in Styles Input CKEditor 4 Autolink Plugin ReDoS Vulnerability NinjaRMM 5.0.909 Agent Incorrect Access Control Vulnerability Insecure Permissions Vulnerability in NinjaRMM 5.0.909 Agent Command Injection Vulnerability in eslint-fixer Package (CVE-2021-XXXX) Potential Remote Code Execution in GoDaddy node-config-shield Package Improper Handling of PendingIntents in Framework Service: Privilege Escalation Vulnerability Apache Maven Vulnerability: Default Behavior Allows Following of Potentially Malicious Repositories Directory Traversal Vulnerability in AfterLogic Aurora and WebMail Pro Directory Traversal Vulnerability in AfterLogic Aurora and WebMail Pro Apache OFBiz Unsafe Deserialization Vulnerability Cryptographically Weak CSRF Tokens in Apache MyFaces Core Stored XSS Vulnerability in PHPGurukul Daily Expense Tracker System 1.0 via user-profile.php Full Name Field Stored XSS Vulnerability in PHPGurukul Daily Expense Tracker System 1.0 via add-expense.php Item Parameter Heap Memory Access Violation in Deserializer::read_vec Unsound Transmute Calls in raw-cpuid Crate's as_string() Methods Unsound CPUID Instruction Support in raw-cpuid Crate Memory Access Violation in marc Crate Insecure Permissions in TeamCity Plugin for IntelliJ: Information Disclosure Vulnerability TeamCity IntelliJ Plugin DoS Vulnerability Memory Rearrangement Vulnerability in AMD SEV/SEV-ES: Exploiting Hypervisor Access for Arbitrary Code Execution IOMMU TLB Flushing Vulnerability Speculative Code Store Bypass: A Potential Data Leakage Vulnerability Floating Point Value Injection: Exploiting Speculative Execution for Data Leakage Insufficient Verification of Decrypted Firmware Images in AMD Platform Security Processor (PSP) Allows Arbitrary Code Execution Buffer Tampering Vulnerability in BIOS 
Communication Service Allows Arbitrary Code Execution in SMM Protocol Verification Failure in SMM: Exploiting SPI Flash for Arbitrary Code Execution PREFETCH Side Channel Attack: Unveiling Kernel Address Space Information on AMD CPUs AMD SEV Firmware Denial of Service Vulnerability SEV Firmware Vulnerability: Insufficient ID Command Validation Enables Denial of Service Attack on PSP Vulnerability: Lack of Random IV Protection for Persistent Platform Private Key Memory Integrity Vulnerability in SEV Commands with Active SNP SEV-ES TMR Bug: Memory Integrity Vulnerability for SNP-Active VMs SNP_GUEST_REQUEST Command Vulnerability: Insufficient Input Validation Leading to Data Abort Error and Denial of Service VM_HSAVE_PA Validation Vulnerability Guest Context Validation Vulnerability in SNP Firmware Unverified CPU Execution Mode in SNP_INIT Leads to Memory Integrity Loss in SNP Guests Integer Overflow Vulnerability in AMD System Management Unit (SMU) Heap-based Overflow Vulnerability in AMD System Management Unit (SMU) SMU Mailbox Manipulation Vulnerability SEV-ES FW Vulnerability: Failure to Verify TMR in MMIO Space AMD Platform Security Processor (PSP) Chipset Driver Information Disclosure Vulnerability Privilege Escalation and Ring-0 Code Execution Vulnerability in AMDPowerProfiler.sys Driver Vulnerability: Improper Input and Range Checking in AMD Secure Processor (ASP) Boot Loader Image Header SMU Insufficient Bounds Checking Vulnerability DRAM Address Validation Vulnerability in SMU Leads to SMU Service Disruption SMU Access Control Vulnerability: Exploiting Performance Control Tables in DRAM AMD CPU Core Logic Vulnerability: Potential Denial of Service Exploit TLB Flushing Vulnerability in SEV/SEV-ES Guest VMs Transient Execution Vulnerability in AMD CPUs: Potential Data Leakage through Unconditional Direct Branches TLB Flushing Vulnerability in SEV Guest VMs Insufficient Validation in ASP BIOS and DRTM Commands: A Potential Gateway for Memory Disclosure APCB 
Token Tampering Vulnerability Integer Overflow Vulnerability in ASP Bootloader Leading to Denial of Service Integer Overflow Vulnerability in ASP Bootloader Leading to Denial of Service IOMMU TLB Flushing Vulnerability Insecure Report ID Assignment Vulnerability TOCTOU Race Condition in SMU: Exploiting Message Port Register for Denial of Service Insufficient DRAM Address Validation in SMU: A Potential Denial of Service Vulnerability SMU PCIe Hot Plug Table Vulnerability: Insufficient Bound Checks SMM Input Validation Failure Leading to Memory Integrity Loss Insufficient Bounds Checking in ASP Allows Arbitrary Memory Initialization SMU Vulnerability: Insufficient Fencing and Checks Leading to Denial-of-Service TOCTOU Vulnerability in ASP Bootloader: Potential for S3 Data Corruption and Information Disclosure Local Access Vulnerability: Unauthorized Modification of SOC Register Security Configuration Memory Exfiltration Vulnerability in ASP Stage 2 Bootloader SMN Register Mapping Vulnerability Vulnerability: Unauthorized Value Manipulation of ASP's Reserved DRAM Leading to Data Exposure SMU Mailbox Register Vulnerability: Potential Denial of Service through Insufficient Bounds Checking Firmware Binary Header Size Values Vulnerability Boot ROM Data Leakage Vulnerability Process Type Check Vulnerability in Trusted OS (TOS) Allows Privilege Escalation and Denial of Service Bootloader Exploit: Out-of-Bounds Memory Access via Malicious UApp or ABL Memory Overwrite Vulnerability in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB Information Disclosure Vulnerability via Compromised ABL or UApp PCIE Bound Check Vulnerability in SMU Leading to Denial of Service SMU Insufficient Bound Checks Vulnerability SMU GPIO Bounds Check Vulnerability SMU FeatureConfig Vulnerability: Potential Denial of Resources and Service SMU Insufficient Bound Checks Vulnerability SMU Mailbox Data Input Validation Vulnerability Root Account Privileges Allow Unauthorized Firmware Loading 
into ACP, Leading to Denial of Service SMI Trigger Info Corruption Vulnerability Stage 2 Bootloader Vulnerability: Memory Corruption and Code Execution via Malformed System Call BIOS Directory Validation Vulnerability Bootloader Memory Corruption Vulnerability Multiple Header Signature Verification Vulnerability Vulnerability: Out-of-Bounds Write in 'LoadModule' Allows Privilege Escalation and Code Execution Memory Poisoning Vulnerability in AMD Secure Processor (ASP) Trusted Execution Environment (TEE) Address Mapping Vulnerability in ASP (AMD Secure Processor) Leads to Memory Integrity Loss in SNP Guest Address Validation Vulnerability Insufficient Input Validation in SYS_KEY_DERIVE System Call: Potential Arbitrary Code Execution Speculative Load Vulnerability in AMD Processors: Potential Data Leakage through Memory Re-ordering Insufficient Mitigation of CVE-2017-5715 on Certain AMD CPUs ASP Firmware Vulnerability: Out-of-Bounds Write in BIOS Mailbox Commands Handling SEV Vulnerability: Malicious Hypervisor Disclosure of Launch Secret SEV Firmware Vulnerability: Information Disclosure via Scratch Buffer Leakage Insufficient Validation in Parsing OCA Certificates in SEV and SEV-ES: Potential Host Crash and Denial of Service Vulnerability Random Initialization Vector (IV) Collision Vulnerability: Risk of Information Disclosure SEV-Legacy Firmware Vulnerability: Compromised Guest Migration and Data Loss SEV-ES Vulnerability: Corrupting Reverse Map Table (RMP) Memory and Compromising SNP Memory Integrity Exploiting Internet Explorer's Memory Corruption Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Windows Installer Impersonation Vulnerability DCOM Server Security Feature Bypass Vulnerability Windows Installer Privilege Escalation Vulnerability Hyper-V DoS Vulnerability: Disrupting Windows Virtualization Windows Overlay Filter Information Leakage Vulnerability Unauthenticated Spoofing Vulnerability in Microsoft SharePoint 
Server Exploiting the Scripting Engine Memory Corruption Vulnerability SharePoint Server Remote Code Execution Vulnerability Identity Spoofing Vulnerability in Skype for Business and Lync Critical Remote Code Execution Vulnerability in Skype for Business and Lync .NET Core and Visual Studio Denial of Service Vulnerability: Exploiting Software to Overwhelm and Disable Systems Critical Windows TCP/IP Remote Code Execution Vulnerability Discovered Windows Event Tracing Privilege Escalation Vulnerability Profile Picture Privilege Escalation Vulnerability in Windows User Accounts Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Azure Sphere Information Leakage Vulnerability Guardian Breached: Azure Sphere Elevation of Privilege Vulnerability Exposed Azure Sphere DoS Vulnerability: Disrupting Service Availability Windows Recovery Environment Agent Privilege Escalation Vulnerability Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability Exploiting Visual Studio's Elevation of Privilege Vulnerability Windows Scripting Engine Memory Corruption Vulnerability: A Critical Security Risk Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Visual Studio Code URL Spoofing Vulnerability Microsoft Edge for Android Information Leakage Vulnerability Storage Spaces Controller Privilege Escalation Vulnerability Windows HTTP.sys Privilege Escalation Vulnerability Exploiting the Microsoft Virtual Machine Bus (VMBus) for Remote Code Execution Azure RTOS Information Disclosure Vulnerability: Exposing Sensitive Data Integer Wrap-Around Vulnerability in Apache Nuttx Versions prior to 10.1.0 Arbitrary Command Execution in VembuBDR and VembuOffsiteDR API Arbitrary OS Command Execution Vulnerability in VembuBDR and VembuOffsiteDR Arbitrary File Write and Remote Code Execution Vulnerability in VembuBDR and VembuOffsiteDR Vulnerability: 
Non-Blind HTTP-Only Cross Site Request Forgery in Vembu Products Reflected XSS Vulnerability in EPrints 3.4.2 via cgi/cal URI Remote Code Execution in EPrints 3.4.2 via Crafted LaTeX Input Directory Traversal Vulnerability in Foddy node-red-contrib-huemagic 3.0.0: Information Disclosure via hue-magic.js Prototype Pollution Vulnerability in MrSwitch hello.js Version 1.18.6 Remote OOB Write Vulnerability in Cesanta Mongoose HTTP Server 7.0 Remote OOB Write Vulnerability in Cesanta Mongoose HTTPS Server Remote OOB Write Vulnerability in Cesanta Mongoose HTTPS Server 7.0 Internationalized Domain Name (IDN) Bypass in Apostrophe Technologies sanitize-html Bypassing Hostname Whitelist in Apostrophe Technologies sanitize-html Command Injection Vulnerability in gitlog 4.0.4 Command Injection Vulnerability in Wayfair git-parse <=1.0.4 Cross-Site Scripting Vulnerability in Livy Server 0.7.0-incubating Cross-Site Scripting (XSS) Vulnerability in SmartFoxServer 2.17.0 AdminTool Console Cleartext Password Disclosure in SmartFoxServer 2.17.0 via /config/server.xml Arbitrary Python Code Execution and Bypass of Console Module Protection in SmartFoxServer 2.17.0 Octopus Server DLL Side-loading Vulnerability Octopus Tentacle Custom Folder ACL Vulnerability Apache ShardingSphere-UI Deserialization of Untrusted Data Vulnerability Improper Access Control on Configurations Endpoint in Apache Airflow 2.0.0 Cleartext Transmission of Sensitive Information Vulnerability in Synoagentregisterd Arbitrary Code Execution Vulnerability in Synology DiskStation Manager (DSM) Arbitrary Code Execution via syno_finder_site HTTP Header in Synology DiskStation Manager (DSM) Local Privilege Escalation Vulnerability in Synology DiskStation Manager (DSM) before 6.2.4-25553 Cleartext Transmission of Sensitive Information Vulnerability in Synorelayd Cleartext Transmission of Sensitive Information Vulnerability in Synorelayd Insecure Data Insertion Vulnerability in Synorelayd in Synology DiskStation Manager 
(DSM) Stack-based Buffer Overflow Vulnerability in faad2 2.2.7.1: Arbitrary Code Execution via Filename and Pathname Options Race Condition Vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 Local Buffer Overflow in HPE Apollo 70 System BMC Firmware Local Buffer Overflow in HPE Apollo 70 System BMC Firmware Local Buffer Overflow in HPE Apollo 70 System BMC Firmware Local Buffer Overflow in HPE Apollo 70 System BMC Firmware Path Traversal Vulnerability in HPE Apollo 70 System BMC Firmware Path Traversal Vulnerability in HPE Apollo 70 System BMC Firmware Command Injection Vulnerability in HPE Apollo 70 System BMC Firmware Local Buffer Overflow in HPE Apollo 70 System BMC Firmware Remote SQL Injection Vulnerability in HPE Network Orchestrator (NetO) Prior to 2.5 Local Disclosure of Privileged Information in HPE Unified Data Management (UDM) due to Hard-coded Cryptographic Key Remote Cross-Site Scripting (XSS) Vulnerability in HPE iLO Amplifier Pack Remote Denial of Service Vulnerability in HPE Superdome Flex Server Remote Cross-Site Scripting (XSS) Vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) Remote Code Execution Vulnerability in HPE iLO Amplifier Pack Remote Cross-Site Scripting Vulnerability in HPE OneView for VMware vCenter (OV4VC) Local Disclosure of Privileged Information Vulnerability in HPE OneView Global Dashboard 2.31 Remote Information Disclosure Vulnerability in HPE Edgeline Infrastructure Manager DOM-based Cross Site Scripting Vulnerability in HPE StoreOnce Remote Code Execution Vulnerability in HPE 3PAR StoreServ, Primera, and Alletra 9000 Storage Array Firmware Remote Cross Site Scripting (XSS) Vulnerability in HPE Superdome Flex Servers Information Disclosure and 2FA Secret Exposure in Directus CMS (Versions 8.x through 8.8.1) Unauthenticated Administrator Role Switching in Directus 8.x through 8.8.1 Information Disclosure Vulnerability in Unsupported Directus CMS Versions Arbitrary 
Code Execution via Filename Manipulation in Nokia NetAct 18A Arbitrary File Upload Vulnerability in Nokia NetAct 18A Incorrect Access Control in ImpressCMS before 1.4.3: Unauthenticated Attackers Can Access include/findusers.php SQL Injection Vulnerability in ImpressCMS before 1.4.3 via include/findusers.php Authentication Bypass Vulnerability in ImpressCMS before 1.4.3 Directory Traversal Vulnerability in ImpressCMS before 1.4.3 Heap Overflow Vulnerability in ARK Library of Bandisoft Co., Ltd Arbitrary Command Execution Vulnerability in ezPDFReader's JSON-RPC Communication Arbitrary Command Execution Vulnerability in Dream Security's PKI Security Solution Arbitrary Command Execution Vulnerability in NEXACRO17's execDefaultBrowser Method Arbitrary File Download and Execution Vulnerability in HShell.dll SQL-Injection Vulnerability in Mangboard WordPress Plugin Allows Remote User Information Theft Unvalidated File Upload Vulnerability in godomall5 Allows Remote Code Execution Hard-coded Credentials Vulnerability in HejHome GKW-IC052 IP Camera Allows Remote Control Arbitrary File Creation Vulnerability in Nexacro Platform's Copy Method File Copy to Startup Folder Vulnerability in Nexacro Remote Code Execution Vulnerability in IpTime C200 Camera ARK Library Integer Overflow Vulnerability in Ark_NormalizeAndDupPAthNameW Function SecuwaySSL Vulnerability: OS Command Injection via Special Characters Injection Remote Code Execution Vulnerability in Firstmall's navercheckout_add Function Arbitrary File Creation Vulnerability in ToWord of ToOffice Path Traversal Vulnerability in BigFileAgent Allows Remote File Deletion Critical Information Leakage Vulnerability in iptime NAS2dual: Exploiting Insufficient Authentication Buffer Overflow Vulnerability in MEX01 Allows Remote Code Execution Critical Remote Code Execution Vulnerability in Genian NAC Allows Attackers to Execute Arbitrary Code with SYSTEM Privileges Incomplete Parameter Length Check in 'xheader_decode_path_record' 
Function Leads to Remote Code Execution Vulnerability in Ark Library eScan Anti-Virus Local Privilege Escalation Vulnerability via 'runasroot' Command Arbitrary File Download and Execution Vulnerability in Nexacro Platform Arbitrary Code Execution Vulnerability in XPLATFORM's execBrowser Method Insufficient Authentication on RTSP Port Allows Remote Image Leakage Insufficient Script Validation and File Upload Vulnerability Arbitrary File Creation Vulnerability in XPLATFORM's Runtime Archive Function Arbitrary File Download and Execution Vulnerability in HANDY Groupware’s ActiveX Module Negative Order Amount Manipulation Vulnerability in Mangboard Commerce Package MaxBoard Vulnerabilities: SQL Injection and Local File Inclusion (LFI) - Information Leakage and Privilege Escalation Insufficient Input Validation in Maxboard Allows SQL Injection and File Upload Attacks Stack Buffer Overflow Vulnerability in Ark Library's File Size Verification MaxBoard: Critical Stored XSS and SQL Injection Vulnerability Enables Remote Code Execution and Privilege Escalation Remote Control Vulnerability in SiHAS SGW-300, ACM-300, GCM-300 Firmware and Apps Authentication Bypass and Information Exposure Vulnerability in S&D SmartHome (SmartCare) Application Unauthenticated File Leakage Vulnerability in WISA Smart Wing CMS Arbitrary File Upload Vulnerability in XpressEngine Bulletin Board SQL-Injection Vulnerability in Mangboard Bulletin Board Allows Remote Code Execution Stack-Based Buffer Overflow in dnsproxy in ConnMan: Remote Code Execution Vulnerability