Alloy Rs
1-19 CVEs
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-48899 | | Cri | 0.64 | 9.8 | 0.00 | | May 26, 2026 | An improper access check allows privilege escalation through the com_users batch task. |
| CVE-2025-62370 | | Hig | 0.42 | 7.5 | 0.00 | | Oct 15, 2025 | Alloy Core libraries at the root of the Rust Ethereum ecosystem. Prior to 0.8.26 and 1.4.1, an uncaught panic triggered by malformed input to alloy_dyn_abi::TypedData could lead to a denial-of-service (DoS) via eip712_signing_hash(). Software with high availability requirements… |
| CVE-2022-29776 | | | 0.01 | — | 0.07 | | Jun 1, 2022 | Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. |
| CVE-2022-33269 | | | 0.00 | — | 0.00 | | Apr 4, 2023 | Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment. |
| CVE-2022-40516 | | | 0.00 | — | 0.01 | | Jan 6, 2023 | Memory corruption in Core due to stack-based buffer overflow. |
| CVE-2010-1433 | | | 0.00 | — | 0.01 | | Jun 21, 2021 | Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This… |
| CVE-2010-1432 | | | 0.00 | — | 0.01 | | Jun 21, 2021 | Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. |
| CVE-2020-28645 | | | 0.00 | — | 0.01 | | Feb 9, 2021 | Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6. |
| CVE-2020-28644 | | | 0.00 | — | 0.00 | | Feb 9, 2021 | The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version < 10.6. |
| CVE-2020-35269 | | | 0.00 | — | 0.02 | | Dec 23, 2020 | Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers. |
| CVE-2020-15235 | | | 0.00 | — | 0.01 | | Oct 5, 2020 | In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd (3/10/20) are patched. |
| CVE-2020-11933 | | | 0.00 | — | 0.00 | | Jul 29, 2020 | cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass… |
| CVE-2020-15506 | | | 0.00 | — | 0.03 | | Jul 7, 2020 | An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors. |
| CVE-2020-15507 | | | 0.00 | — | 0.02 | | Jul 7, 2020 | An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to read files on the system via unspecified vectors. |
| CVE-2014-6262 | | | 0.00 | — | 0.07 | | Feb 12, 2020 | Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph… |
| CVE-2012-1562 | | | 0.00 | — | 0.01 | | Jan 15, 2020 | Joomla! core before 2.5.3 allows unauthorized password change. |
| CVE-2019-16752 | | | 0.00 | — | 0.00 | | Dec 4, 2019 | An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can… |
| CVE-2012-5665 | | | 0.00 | — | 0.02 | | Jan 3, 2013 | ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file. |
| CVE-2009-4371 | | | 0.00 | — | 0.01 | | Dec 21, 2009 | Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web script or HTML via the… |