| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Out-of-bounds array read/write vulnerability in the kernel module
Impact: Successful exploitation of this vulnerability may affect availability. |
| Vulnerability of insufficient information protection in the media library module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Permission control vulnerability in the media library module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Bypass vulnerability in the network search instruction authentication module
Impact: Successful exploitation of this vulnerability can bypass authentication and enable access to some network search functions. |
| Null pointer dereference vulnerability in the USB HDI driver module
Impact: Successful exploitation of this vulnerability may affect availability. |
| Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. \n\nFor the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise. |
| Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1.
|
| Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1 |
| Memory corruption while encoding JPEG format. |
| Memory corruption during concurrent buffer access due to modification of the reference count. |
| Memory corruption when blob structure is modified by user-space after kernel verification. |
| Memory corruption during concurrent access to server info object due to incorrect reference count update. |
| Memory corruption while handling schedule request in Camera Request Manager(CRM) due to invalid link count in the corresponding session. |
| An attacker can use the unrestricted LDAP queries to determine configuration entries |
| Memory corruption during concurrent SSR execution due to race condition on the global maps list. |
| Memory corruption due to improper bounds check while command handling in camera-kernel driver. |
| Memory corruption may occur during IO configuration processing when the IO port count is invalid. |
| Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability. |
| Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter. |
| Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature.
**Note:**
The attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues. |
