| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS query payload to trigger a three-byte overwrite, bypass ASLR, and execute shellcode through a carefully constructed exploit. |
| P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted page. |
| jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and download_url parameters to trigger unauthorized file downloads. |
| Tanium addressed a documentation issue in Engage. |
| An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication, enabling manipulation of device data or operations. |
| A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service. |
| Tanium addressed an improper access controls vulnerability in Reputation. |
| Tanium addressed an incorrect default permissions vulnerability in Benchmark. |
| Tanium addressed an incorrect default permissions vulnerability in Comply. |
| Tanium addressed an incorrect default permissions vulnerability in Discover. |
| Tanium addressed an incorrect default permissions vulnerability in Performance. |
| Tanium addressed an information disclosure vulnerability in Threat Response. |
| Tanium addressed an improper access controls vulnerability in Deploy. |
| Tanium addressed an incorrect default permissions vulnerability in Patch. |
| Tanium addressed an improper access controls vulnerability in Patch. |
| Tanium addressed an improper input validation vulnerability in Discover. |
| Tanium addressed an improper certificate validation vulnerability in Tanium Appliance. |
| Tanium addressed an improper input validation vulnerability in Tanium Appliance. |
| Tanium addressed an improper access controls vulnerability in Interact. |
| The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content. |
