| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-8900 | Hig | 0.49 | 7.5 | 0.00 | Sep 17, 2024 | An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3. | ||
| CVE-2024-43460 | Hig | 0.53 | 8.1 | 0.01 | Sep 17, 2024 | Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network. | ||
| CVE-2024-8944 | Hig | 0.48 | 7.3 | 0.01 | Sep 17, 2024 | A vulnerability, which was classified as critical, was found in code-projects Hospital Management System 1.0. This affects an unknown part of the file check_availability.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack… | ||
| CVE-2024-45682 | — | Hig | 0.57 | 8.8 | 0.02 | Sep 17, 2024 | There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system. | |
| CVE-2024-42503 | Hig | 0.47 | 7.2 | 0.01 | Sep 17, 2024 | Authenticated command execution vulnerability exist in the ArubaOS command line interface (CLI). Successful exploitation of this vulnerabilities result in the ability to run arbitrary commands as a priviledge user on the underlying operating system. | ||
| CVE-2024-42502 | Hig | 0.47 | 7.2 | 0.02 | Sep 17, 2024 | Authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability result in the ability to inject shell commands on the underlying operating system. | ||
| CVE-2024-42501 | Hig | 0.47 | 7.2 | 0.01 | Sep 17, 2024 | An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants. | ||
| CVE-2024-38813 | Hig | 0.62 | 7.5 | 0.17 | KEV | Sep 17, 2024 | The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. | |
| CVE-2024-8768 | Hig | 0.42 | 7.5 | 0.01 | Sep 17, 2024 | A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service. | ||
| CVE-2024-7788 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2024 | Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5. | ||
| CVE-2021-27916 | Hig | 0.46 | 8.1 | 0.01 | Sep 17, 2024 | Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or… | ||
| CVE-2024-47049 | Hig | 0.46 | 8.2 | 0.01 | Sep 17, 2024 | The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files. | ||
| CVE-2024-47047 | — | Hig | 0.42 | 7.5 | 0.00 | Sep 17, 2024 | An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use this to display… | |
| CVE-2024-22303 | Hig | 0.57 | 8.8 | 0.00 | Sep 17, 2024 | Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 3.2.4. | ||
| CVE-2024-21743 | Hig | 0.57 | 8.8 | 0.00 | Sep 17, 2024 | Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register.This issue affects Houzez Login Register: from n/a through 3.2.5. | ||
| CVE-2021-27915 | Hig | 0.42 | 7.6 | 0.01 | Sep 17, 2024 | Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system. | ||
| CVE-2024-46362 | Hig | 0.57 | 8.8 | 0.00 | Sep 17, 2024 | FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory | ||
| CVE-2024-46085 | Hig | 0.57 | 8.8 | 0.00 | Sep 17, 2024 | FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename | ||
| CVE-2024-5998 | Hig | 0.44 | 7.8 | 0.00 | Sep 17, 2024 | A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects the latest version of the product. | ||
| CVE-2024-8761 | Hig | 0.40 | 7.2 | 0.00 | Sep 17, 2024 | The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03. This is due to insufficient validation on the redirect url supplied via the link parameter. This makes it possible for unauthenticated attackers to redirect users… | ||
| CVE-2024-8490 | Hig | 0.50 | 8.8 | 0.00 | Sep 17, 2024 | The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'save_account_details' function. This makes it possible for unauthenticated attackers to… | ||
| CVE-2024-8110 | Hig | 0.49 | 7.5 | 0.00 | Sep 17, 2024 | Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer. If a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may restart. If both the active… | ||
| CVE-2024-44189 | Hig | 0.49 | 7.5 | 0.01 | Sep 17, 2024 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. A logic issue existed where a process may be able to capture screen contents without user consent. | ||
| CVE-2024-44165 | Hig | 0.49 | 7.5 | 0.01 | Sep 17, 2024 | A logic issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. Network traffic may leak outside a VPN tunnel. | ||
| CVE-2024-44164 | Hig | 0.46 | 7.1 | 0.00 | Sep 17, 2024 | This issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to bypass Privacy preferences. | ||
| CVE-2024-44162 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2024 | This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 16. A malicious application may gain access to a user's Keychain items. | ||
| CVE-2024-44152 | Hig | 0.49 | 7.5 | 0.01 | Sep 17, 2024 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data. | ||
| CVE-2024-44149 | Hig | 0.49 | 7.5 | 0.01 | Sep 17, 2024 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data. | ||
| CVE-2024-44132 | Hig | 0.57 | 8.8 | 0.00 | Sep 17, 2024 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox. | ||
| CVE-2024-40861 | Hig | 0.51 | 7.8 | 0.00 | Sep 17, 2024 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to gain root privileges. | ||
| CVE-2024-40856 | Hig | 0.49 | 7.5 | 0.01 | Sep 17, 2024 | An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18. An attacker may be able to force a device to disconnect from a secure network. | ||
| CVE-2024-40848 | Hig | 0.49 | 7.5 | 0.01 | Sep 17, 2024 | A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An attacker may be able to read sensitive information. | ||
| CVE-2024-40770 | Hig | 0.49 | 7.5 | 0.00 | Sep 17, 2024 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings. | ||
| CVE-2024-27879 | Hig | 0.49 | 7.5 | 0.01 | Sep 17, 2024 | The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. An attacker may be able to cause unexpected app termination. | ||
| CVE-2024-27874 | Hig | 0.49 | 7.5 | 0.01 | Sep 17, 2024 | This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A remote attacker may be able to cause a denial-of-service. | ||
| CVE-2024-27795 | Hig | 0.49 | 7.5 | 0.01 | Sep 17, 2024 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet. | ||
| CVE-2024-45416 | Hig | 0.53 | 8.1 | 0.01 | Sep 16, 2024 | The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init function. The session -LUA- files are stored in the directory /var/lua_session, the function iterates on all files in this directory and executes them using the function dofile… | ||
| CVE-2024-45413 | Hig | 0.53 | 8.1 | 0.00 | Sep 16, 2024 | The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated… | ||
| CVE-2024-42798 | Hig | 0.49 | 7.6 | 0.00 | Sep 16, 2024 | An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account. | ||
| CVE-2024-45801 | Hig | 0.41 | 7.3 | 0.01 | Sep 16, 2024 | DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype… | ||
| CVE-2024-45799 | Hig | 0.47 | 7.3 | 0.00 | Sep 16, 2024 | FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the… | ||
| CVE-2023-45854 | Hig | 0.49 | 7.5 | 0.00 | Sep 16, 2024 | A Business Logic vulnerability in Shopkit 1.0 allows an attacker to add products with negative quantities to the shopping cart via the qtd parameter in the add-to-cart function. | ||
| CVE-2024-23599 | Hig | 0.51 | 7.9 | 0.00 | Sep 16, 2024 | Race condition in Seamless Firmware Updates for some Intel(R) reference platforms may allow a privileged user to potentially enable denial of service via local access. | ||
| CVE-2024-21871 | Hig | 0.49 | 7.5 | 0.00 | Sep 16, 2024 | Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-21829 | Hig | 0.49 | 7.5 | 0.00 | Sep 16, 2024 | Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-21781 | Hig | 0.47 | 7.2 | 0.00 | Sep 16, 2024 | Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service via local access. | ||
| CVE-2023-43626 | Hig | 0.49 | 7.5 | 0.00 | Sep 16, 2024 | Improper access control in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||
| CVE-2023-42772 | Hig | 0.53 | 8.2 | 0.00 | Sep 16, 2024 | Untrusted pointer dereference in UEFI firmware for some Intel(R) reference processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||
| CVE-2023-41833 | Hig | 0.49 | 7.5 | 0.00 | Sep 16, 2024 | A race condition in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-8752 | Hig | 0.50 | 7.5 | 0.12 | Sep 16, 2024 | The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system. |
- risk 0.49cvss 7.5epss 0.00
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3.
- risk 0.53cvss 8.1epss 0.01
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.
- risk 0.48cvss 7.3epss 0.01
A vulnerability, which was classified as critical, was found in code-projects Hospital Management System 1.0. This affects an unknown part of the file check_availability.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack…
- risk 0.57cvss 8.8epss 0.02
There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system.
- risk 0.47cvss 7.2epss 0.01
Authenticated command execution vulnerability exist in the ArubaOS command line interface (CLI). Successful exploitation of this vulnerabilities result in the ability to run arbitrary commands as a priviledge user on the underlying operating system.
- risk 0.47cvss 7.2epss 0.02
Authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability result in the ability to inject shell commands on the underlying operating system.
- risk 0.47cvss 7.2epss 0.01
An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants.
- risk 0.62cvss 7.5epss 0.17
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
- risk 0.42cvss 7.5epss 0.01
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.
- risk 0.51cvss 7.8epss 0.00
Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5.
- risk 0.46cvss 8.1epss 0.01
Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or…
- risk 0.46cvss 8.2epss 0.01
The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files.
- risk 0.42cvss 7.5epss 0.00
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use this to display…
- risk 0.57cvss 8.8epss 0.00
Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 3.2.4.
- risk 0.57cvss 8.8epss 0.00
Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register.This issue affects Houzez Login Register: from n/a through 3.2.5.
- risk 0.42cvss 7.6epss 0.01
Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system.
- risk 0.57cvss 8.8epss 0.00
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory
- risk 0.57cvss 8.8epss 0.00
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename
- risk 0.44cvss 7.8epss 0.00
A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects the latest version of the product.
- risk 0.40cvss 7.2epss 0.00
The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03. This is due to insufficient validation on the redirect url supplied via the link parameter. This makes it possible for unauthenticated attackers to redirect users…
- risk 0.50cvss 8.8epss 0.00
The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'save_account_details' function. This makes it possible for unauthenticated attackers to…
- risk 0.49cvss 7.5epss 0.00
Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer. If a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may restart. If both the active…
- risk 0.49cvss 7.5epss 0.01
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. A logic issue existed where a process may be able to capture screen contents without user consent.
- risk 0.49cvss 7.5epss 0.01
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. Network traffic may leak outside a VPN tunnel.
- risk 0.46cvss 7.1epss 0.00
This issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to bypass Privacy preferences.
- risk 0.51cvss 7.8epss 0.00
This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 16. A malicious application may gain access to a user's Keychain items.
- risk 0.49cvss 7.5epss 0.01
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.
- risk 0.49cvss 7.5epss 0.01
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.
- risk 0.57cvss 8.8epss 0.00
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.
- risk 0.51cvss 7.8epss 0.00
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to gain root privileges.
- risk 0.49cvss 7.5epss 0.01
An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18. An attacker may be able to force a device to disconnect from a secure network.
- risk 0.49cvss 7.5epss 0.01
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An attacker may be able to read sensitive information.
- risk 0.49cvss 7.5epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings.
- risk 0.49cvss 7.5epss 0.01
The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. An attacker may be able to cause unexpected app termination.
- risk 0.49cvss 7.5epss 0.01
This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A remote attacker may be able to cause a denial-of-service.
- risk 0.49cvss 7.5epss 0.01
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet.
- risk 0.53cvss 8.1epss 0.01
The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init function. The session -LUA- files are stored in the directory /var/lua_session, the function iterates on all files in this directory and executes them using the function dofile…
- risk 0.53cvss 8.1epss 0.00
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated…
- risk 0.49cvss 7.6epss 0.00
An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account.
- risk 0.41cvss 7.3epss 0.01
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype…
- risk 0.47cvss 7.3epss 0.00
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the…
- risk 0.49cvss 7.5epss 0.00
A Business Logic vulnerability in Shopkit 1.0 allows an attacker to add products with negative quantities to the shopping cart via the qtd parameter in the add-to-cart function.
- risk 0.51cvss 7.9epss 0.00
Race condition in Seamless Firmware Updates for some Intel(R) reference platforms may allow a privileged user to potentially enable denial of service via local access.
- risk 0.49cvss 7.5epss 0.00
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
- risk 0.49cvss 7.5epss 0.00
Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
- risk 0.47cvss 7.2epss 0.00
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service via local access.
- risk 0.49cvss 7.5epss 0.00
Improper access control in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
- risk 0.53cvss 8.2epss 0.00
Untrusted pointer dereference in UEFI firmware for some Intel(R) reference processors may allow a privileged user to potentially enable escalation of privilege via local access.
- risk 0.49cvss 7.5epss 0.00
A race condition in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.
- risk 0.50cvss 7.5epss 0.12
The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system.