A vulnerability was found in olbookmarks. It has been rated as critical. Affected by this issue is some unknown functionality of the file themes/frames1.php.... weiterlesen

A vulnerability was found in olbookmarks. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file themes/default.php.... weiterlesen

A vulnerability was found in olbookmarks. It has been classified as critical. Affected is an unknown function of the file themes/blackorange.php. The... weiterlesen

A vulnerability was found in QuickTalk forum and classified as critical. This issue affects some unknown processing of the file qtf_j_exists.php. The... weiterlesen

A vulnerability has been found in QuickTalk forum and classified as critical. This vulnerability affects unknown code of the file qtf_j_birth.php. The... weiterlesen

A vulnerability, which was classified as problematic, has been found in StoreSprite. Affected by this issue is some unknown functionality of the file... weiterlesen

A vulnerability classified as problematic was found in StoreSprite. Affected by this vulnerability is an unknown functionality of the file secure/register.php.... weiterlesen

A vulnerability classified as problematic has been found in StoreSprite. Affected is an unknown function of the file secure/editshipdetails.php. The manipulation... weiterlesen

A vulnerability was found in Bilder Galerie. It has been rated as critical. This issue affects some unknown processing of the file anzagien.php. The manipulation... weiterlesen

A vulnerability was found in Bilder Galerie. It has been declared as critical. This vulnerability affects unknown code of the file galerie.php. The manipulation... weiterlesen

A vulnerability classified as problematic has been found in VisionProject. This affects an unknown part of the file ProjectIssues.do. The manipulation... weiterlesen

A vulnerability was found in VisionProject. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ProjectDocuments.do.... weiterlesen

A vulnerability was found in VisionProject. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file... weiterlesen

A vulnerability, which was classified as problematic, was found in activeWeb contentserver. Affected is an unknown function. The manipulation of the argument... weiterlesen

A vulnerability classified as problematic has been found in Mini Web Shop. This affects an unknown part of the file sendmail.php. The manipulation of... weiterlesen

A vulnerability was found in phpMUR. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file web/phpinfo.php.... weiterlesen

A vulnerability was found in ACP3 and classified as critical. This issue affects some unknown processing of the file newsletter/create/index.php. The... weiterlesen

A vulnerability, which was classified as critical, was found in ACP3. This affects an unknown part of the file news/list/index.php. The manipulation of... weiterlesen

A vulnerability, which was classified as critical, has been found in ACP3. Affected by this issue is some unknown functionality of the file modules/dl/download.php.... weiterlesen

A vulnerability classified as critical was found in ACP3. Affected by this vulnerability is an unknown functionality of the file search/list/action_search/index.php.... weiterlesen

A vulnerability classified as critical has been found in ACP3. Affected is an unknown function of the file search/list/action_search/index.php. The manipulation... weiterlesen

A vulnerability was found in ACP3. It has been rated as critical. This issue affects some unknown processing of the file news/details/id_*/action_create/index.php.... weiterlesen

A vulnerability was found in ACP3. It has been declared as critical. This vulnerability affects unknown code of the file news/list/index.php. The manipulation... weiterlesen

A vulnerability, which was classified as critical, has been found in eVisit Analyst. This issue affects some unknown processing of the file einsite_director.pl.... weiterlesen

A vulnerability classified as critical was found in eVisit Analyst. This vulnerability affects unknown code of the file ip.pl. The manipulation of the... weiterlesen

A vulnerability was found in WinImage. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to... weiterlesen

A vulnerability was found in EQdkp. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file stats.php.... weiterlesen

A vulnerability has been found in PhpConcept Library and classified as critical. This vulnerability affects unknown code of the file lib/pcltar.lib.php.... weiterlesen

The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted remapping of the NOR flash... weiterlesen

TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by... weiterlesen

In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend... weiterlesen

The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized... weiterlesen

The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the path of... weiterlesen

The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect the availability. (CVSS:0.0) (Last... weiterlesen

The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Successful exploitation of this vulnerability may affect the... weiterlesen

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30... weiterlesen

The Settings application has an argument injection vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. (CVSS:0.0)... weiterlesen

Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service availability. (CVSS:0.0) (Last... weiterlesen

The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up... weiterlesen

The diag-router module has a vulnerability in intercepting excessive long and short instructions. Successful exploitation of this vulnerability will cause... weiterlesen

The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitation of this vulnerability may... weiterlesen

A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server... weiterlesen

... weiterlesen

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling... weiterlesen

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via... weiterlesen

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path... weiterlesen

Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via... weiterlesen

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains... weiterlesen

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or... weiterlesen

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes... weiterlesen

XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs... weiterlesen

In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list.... weiterlesen

A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Administration Console as the... weiterlesen

An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application.... weiterlesen

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential... weiterlesen

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via... weiterlesen

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker... weiterlesen

A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of... weiterlesen

VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to... weiterlesen

Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0... weiterlesen

In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This... weiterlesen

In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with... weiterlesen

In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure... weiterlesen

In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission... weiterlesen

In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper... weiterlesen

In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest... weiterlesen

In various methods of NotificationManagerService.java, there is a possible way to view notifications while lockdown is enabled due to a permissions bypass.... weiterlesen

In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check.... weiterlesen

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due... weiterlesen

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via... weiterlesen

'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled... weiterlesen

In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead... weiterlesen

In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation. This could lead to local... weiterlesen

In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation... weiterlesen

In onDefaultNetworkChanged of Vpn.java, there is a possible way to disable VPN due to a logic error in the code. This could lead to local escalation of... weiterlesen

In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission... weiterlesen

In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition. This could lead to... weiterlesen

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution... weiterlesen

In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing... weiterlesen

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if... weiterlesen

Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1�, “Zen... weiterlesen

The video framework has the memory overwriting vulnerability caused by addition overflow. Successful exploitation of this vulnerability may affect the... weiterlesen

... weiterlesen

... weiterlesen

In Task.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional... weiterlesen

... weiterlesen

... weiterlesen

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink,... weiterlesen

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname,... weiterlesen

A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server... weiterlesen

The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the path of... weiterlesen

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30... weiterlesen

... weiterlesen

The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitation of this vulnerability may... weiterlesen

... weiterlesen

... weiterlesen

The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Successful exploitation of this vulnerability may affect the... weiterlesen

The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized... weiterlesen

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27... weiterlesen