‼ CVE-2021-27788 ‼
📖 Read
via "National Vulnerability Database".
HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability. By tricking a user into clicking a crafted URL, a remote unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22075 ‼
📖 Read
via "National Vulnerability Database".
Information Disclosure in Graphics during GPU context switch.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40540 ‼
📖 Read
via "National Vulnerability Database".
Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40530 ‼
📖 Read
via "National Vulnerability Database".
Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33254 ‼
📖 Read
via "National Vulnerability Database".
Transient DOS due to reachable assertion in Modem while processing SIB1 Message.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44574 ‼
📖 Read
via "National Vulnerability Database".
An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33278 ‼
📖 Read
via "National Vulnerability Database".
Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37939 ‼
📖 Read
via "National Vulnerability Database".
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27898 ‼
📖 Read
via "National Vulnerability Database".
Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33256 ‼
📖 Read
via "National Vulnerability Database".
Memory corruption due to improper validation of array index in Multi-mode call processor.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40527 ‼
📖 Read
via "National Vulnerability Database".
Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-47453 ‼
📖 Read
via "National Vulnerability Database".
In wcn service, there is a possible missing params check. This could lead to local denial of service in wcn service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33272 ‼
📖 Read
via "National Vulnerability Database".
Transient DOS in modem due to reachable assertion.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33250 ‼
📖 Read
via "National Vulnerability Database".
Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25705 ‼
📖 Read
via "National Vulnerability Database".
Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43399 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-47455 ‼
📖 Read
via "National Vulnerability Database".
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33257 ‼
📖 Read
via "National Vulnerability Database".
Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27530 ‼
📖 Read
via "National Vulnerability Database".
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25143 ‼
📖 Read
via "National Vulnerability Database".
An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-47484 ‼
📖 Read
via "National Vulnerability Database".
In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed.📖 Read
via "National Vulnerability Database".