| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested JSON document crashes the FreeSWITCH process via stack overflow, terminating all calls and sessions on the host. The recursion drives the worker thread's stack pointer into the stack guard page, raising SIGSEGV from the kernel before any usable write primitive develops. This issue has been patched in version 1.11.1. |
| A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create_masked_entry_string() function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext password is logged (requiring non-default CLEAR password storage or a compromised replication peer), the copy overflows the buffer, corrupting heap memory and audit log output. |
| Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection.
This issue affects CBS Platform: through 09062026. NOTE: The vendor was contacted and it was learned that the product is not supported. |
| Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLD_INSERT_LIBRARIES environment variable to inject an attacker-controlled dynamic library into the trusted client process at launch. The injected code runs within the signed process and can connect to the product's privileged helper service to invoke privileged operations, resulting in arbitrary code execution as root. The issue is fixed in version 16.6.2. |
| Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service. The helper validates connecting XPC clients using the client process identifier (PID) to verify code-signing identity. Because process identifiers can be reused, a local attacker can exploit a race condition between the time a connection request is made and the time the helper performs validation, causing the helper to trust an attacker-controlled process. This allows the attacker to invoke privileged operations, resulting in arbitrary code execution as root. The issue is fixed in version 16.6.2. |
| A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper traffic between the router and the Internet, to execute code on the device. |
| Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests. |
| An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation. |
| Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. |
| Insufficient input validation vulnerability in NETGEAR devices allows
authenticated administrators connected to the local network to tamper with
the router's integrity. |
| Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network
to tamper with the system. |
| Insufficient input validation of buffers vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. |
| Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. |
| Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. |
| An information disclosure vulnerability in the NETGEAR Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability.
Orbi WiFi Systems without satellite devices are not impacted by this issue. |
| Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting product's confidentiality or change certain configurations. |
| md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including <script> tags—is processed and injected into the resulting page without sanitization, allowing arbitrary JavaScript execution in the context of the affected domain. This issue has been patched in version 1.10.3. |
| Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability. |
| Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network. |
| Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network. |
