| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service. |
| Tanium addressed an improper access controls vulnerability in Reputation. |
| Tanium addressed an incorrect default permissions vulnerability in Benchmark. |
| Tanium addressed an incorrect default permissions vulnerability in Comply. |
| Tanium addressed an incorrect default permissions vulnerability in Discover. |
| Tanium addressed an incorrect default permissions vulnerability in Performance. |
| Tanium addressed an information disclosure vulnerability in Threat Response. |
| Tanium addressed an improper access controls vulnerability in Deploy. |
| Tanium addressed an incorrect default permissions vulnerability in Patch. |
| Tanium addressed an improper access controls vulnerability in Patch. |
| Tanium addressed an improper input validation vulnerability in Discover. |
| Tanium addressed an improper certificate validation vulnerability in Tanium Appliance. |
| Tanium addressed an improper input validation vulnerability in Tanium Appliance. |
| Tanium addressed an improper access controls vulnerability in Interact. |
| The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content. |
| The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content. |
| Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial interface. Access to the bootloader menu does not allow full system takeover or privilege escalation. The bootloader enforces digital signature verification and only permits flashing of Moxa-signed images. As a result, an attacker cannot install malicious firmware or execute arbitrary code. The primary impact is limited to a potential temporary denial-of-service condition if a valid image is reflashed. Remote exploitation is not possible. |
| An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function |
| Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to upload files that are interpreted as executable code, resulting in remote code execution. |
| Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the log file name parameter in the Local Services Log page, (2) certificate file content in the SSL Certificates View Usage feature, and (3) the Certificate File name parameter in the WebMail Listeners SSL settings. Attackers can inject malicious JavaScript payloads that execute in administrators' browsers when they access affected pages or features, enabling privilege escalation attacks where low-privileged admins can force high-privileged admins to perform unauthorized actions. |
