| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Attackers can inject script tags through the cateid parameter in categorysearch.php or SQL code through the view parameter in list-details.php to execute arbitrary code or extract database information. |
| Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling. |
| Cryptographic issue while copying data to a destination buffer without validating its size. |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. |
| Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory. |
| Memory corruption while preprocessing IOCTL request in JPEG driver. |
| IP TOOLS 2.50 contains a local buffer overflow vulnerability in the SNMP Scanner component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data into the 'From Addr' and 'To Addr' fields and trigger the crash by clicking the Start button, causing denial of service and SEH overwrite. |
| AnyBurn 4.3 x86 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the image conversion function. Attackers can paste a large buffer into the source or destination image file fields and click Convert Now to trigger a crash. |
| OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome. |
| A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap corruption and cause the application to crash, resulting in a denial-of-service condition. An attacker with a crafted binary could cause a denial of service when the tool is integrated on a service pipeline. |
| UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the timeRangeName parameter of the formConfigDnsFilterGlobal function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| Memory Corruption when retrieving output buffer with insufficient size validation. |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. |
| Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations. |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. |
| Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation. |
| Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection. |
| Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources. |
| A stored cross-site scripting (XSS) vulnerability in Bynder v0.1.394 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
