| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs. |
| This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes. |
| Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted. |
| Improper input validation in some Intel(R) Server System M70KLP Family BIOS firmware before version 01.04.0029 may allow a privileged user to potentially enable escalation of privilege via local access. |
| In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible. |
| In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible. |
| In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. |
| In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server. |
| In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. |
| Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process. |
| Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. |
| Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. |
| Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. |
| Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. |
| Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. |
| An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers to delete arbitrary files. |
| The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient(). |
| phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service. |
| Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later. |
| The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store. |
