Lucene search

K

Assistant Security Vulnerabilities

cve
cve

CVE-2023-35032

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow command injection by authenticated users, aka...

8.8CVSS

8.8AI Score

0.001EPSS

2023-06-12 02:15 AM
15
cve
cve

CVE-2023-3099

A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function delete_file in the library dbus.SystemBus of the component Arbitrary File Handler. The manipulation leads to improper access controls. It is possible to launch.....

7.1CVSS

6.9AI Score

0.0004EPSS

2023-06-05 07:15 AM
18
cve
cve

CVE-2023-3098

A vulnerability classified as critical has been found in KylinSoft youker-assistant on KylinOS. Affected is the function restore_all_sound_file. The manipulation leads to path traversal: '../filedir'. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.....

7.8CVSS

7.6AI Score

0.0004EPSS

2023-06-05 07:15 AM
20
cve
cve

CVE-2022-45128

Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticated user to potentially enable denial of service via local...

5.5CVSS

5.3AI Score

0.0004EPSS

2023-05-10 02:15 PM
14
cve
cve

CVE-2022-41610

Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC before version 2.4 software may allow an authenticated user to potentially enable denial of service via local...

5.5CVSS

5.3AI Score

0.0004EPSS

2023-05-10 02:15 PM
17
cve
cve

CVE-2023-1723

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veragroup Mobile Assistant allows SQL Injection.This issue affects Mobile Assistant: before...

9.8CVSS

9.7AI Score

0.001EPSS

2023-04-17 12:15 PM
15
cve
cve

CVE-2023-2091

A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function adjust_cpufreq_scaling_governer. The manipulation leads to os command injection. It is possible to launch the attack on the local host. The exploit has been...

7.8CVSS

8AI Score

0.001EPSS

2023-04-15 09:15 AM
22
cve
cve

CVE-2023-27482

homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older....

10CVSS

9.4AI Score

0.034EPSS

2023-03-08 06:15 PM
30
cve
cve

CVE-2023-0279

The Media Library Assistant WordPress plugin before 3.06 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as...

7.2CVSS

7.3AI Score

0.001EPSS

2023-02-27 04:15 PM
41
cve
cve

CVE-2022-38056

Improper neutralization in the Intel(R) EMA software before version 1.8.1.0 may allow a privileged user to potentially enable escalation of privilege via network...

5.3CVSS

5.6AI Score

0.0004EPSS

2023-02-16 09:15 PM
18
cve
cve

CVE-2022-32764

Description: Race condition in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local...

7.5CVSS

7AI Score

0.0004EPSS

2023-02-16 08:15 PM
22
cve
cve

CVE-2022-30530

Protection mechanism failure in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local...

7.8CVSS

7.7AI Score

0.0004EPSS

2023-02-16 08:15 PM
27
cve
cve

CVE-2023-22368

Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified...

7.8CVSS

7.7AI Score

0.001EPSS

2023-02-15 01:15 AM
21
cve
cve

CVE-2022-23455

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of...

7.8CVSS

7.9AI Score

0.0004EPSS

2023-02-01 07:15 AM
36
cve
cve

CVE-2022-23454

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of...

7.8CVSS

7.9AI Score

0.0004EPSS

2023-02-01 07:15 AM
62
cve
cve

CVE-2022-23453

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of...

7.8CVSS

7.9AI Score

0.0004EPSS

2023-02-01 07:15 AM
43
cve
cve

CVE-2022-46404

A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to...

9.8CVSS

9.7AI Score

0.001EPSS

2022-12-13 09:15 PM
41
cve
cve

CVE-2022-38395

HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance...

7.8CVSS

7.5AI Score

0.001EPSS

2022-12-12 01:15 PM
33
cve
cve

CVE-2022-41618

Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on...

5.3CVSS

5.2AI Score

0.001EPSS

2022-11-18 11:15 PM
40
6
cve
cve

CVE-2022-30297

Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged user to potentially enable escalation of privilege via local...

7.8CVSS

7.4AI Score

0.0004EPSS

2022-11-11 04:15 PM
25
5
cve
cve

CVE-2022-26341

Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network...

8.8CVSS

8.8AI Score

0.001EPSS

2022-11-11 04:15 PM
35
7
cve
cve

CVE-2002-1883

Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the Designer, opens port 7358 for interprocess communication, which allows remote attackers to open arbitrary HTML pages and cause a denial of...

7AI Score

0.007EPSS

2022-10-03 04:23 PM
24
cve
cve

CVE-2013-5558

The WIL-A module in Cisco TelePresence VX Clinical Assistant 1.2 before 1.21 changes the admin password to an empty password upon a reboot, which makes it easier for remote attackers to obtain access via the administrative interface, aka Bug ID...

6.9AI Score

0.003EPSS

2022-10-03 04:14 PM
22
cve
cve

CVE-2022-26017

Improper access control in the Intel(R) DSA software for before version 22.2.14 may allow an authenticated user to potentially enable escalation of privilege via adjacent...

8CVSS

8AI Score

0.0004EPSS

2022-08-18 08:15 PM
35
5
cve
cve

CVE-2021-29788

IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted.....

5.4CVSS

5.2AI Score

0.001EPSS

2022-07-18 06:15 PM
46
4
cve
cve

CVE-2021-29799

IBM Engineering Requirements Quality Assistant On-Premises (All versions) could allow an authenticated user to obtain sensitive information due to improper client side validation. IBM X-Force ID:...

6.5CVSS

6AI Score

0.001EPSS

2022-07-18 06:15 PM
37
4
cve
cve

CVE-2021-29790

IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted.....

5.4CVSS

5.2AI Score

0.001EPSS

2022-07-18 06:15 PM
34
4
cve
cve

CVE-2021-38868

IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force Id:...

6.5CVSS

6.4AI Score

0.001EPSS

2022-07-18 06:15 PM
40
4
cve
cve

CVE-2022-31541

The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on GitHub allows absolute path traversal because the Flask send_file function is used...

9.3CVSS

9.3AI Score

0.002EPSS

2022-07-11 01:15 AM
39
5
cve
cve

CVE-2022-29617

Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the...

6.5CVSS

6.3AI Score

0.001EPSS

2022-06-06 08:15 PM
50
6
cve
cve

CVE-2022-24543

Windows Upgrade Assistant Remote Code Execution...

7.8CVSS

7.9AI Score

0.005EPSS

2022-04-15 07:15 PM
128
cve
cve

CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it...

9.8CVSS

8.7AI Score

0.975EPSS

2022-04-01 11:15 PM
1744
In Wild
5
cve
cve

CVE-2021-29899

IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID:...

6.5CVSS

6.4AI Score

0.001EPSS

2022-03-18 04:15 PM
55
cve
cve

CVE-2020-36517

An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver...

7.5CVSS

7.4AI Score

0.003EPSS

2022-03-10 05:41 PM
28
cve
cve

CVE-2020-6922

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant...

7.8CVSS

7.8AI Score

0.001EPSS

2022-02-16 05:15 PM
35
2
cve
cve

CVE-2020-6920

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant...

5.5CVSS

5.7AI Score

0.001EPSS

2022-02-16 05:15 PM
37
2
cve
cve

CVE-2020-6919

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant...

7.8CVSS

7.8AI Score

0.001EPSS

2022-02-16 05:15 PM
37
2
cve
cve

CVE-2020-6921

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant...

7.8CVSS

7.8AI Score

0.001EPSS

2022-02-16 05:15 PM
35
2
cve
cve

CVE-2020-6918

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant...

7.8CVSS

7.8AI Score

0.001EPSS

2022-02-16 05:15 PM
35
2
cve
cve

CVE-2020-6917

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant...

7.8CVSS

7.8AI Score

0.001EPSS

2022-02-16 05:15 PM
36
2
cve
cve

CVE-2022-23456

Potential arbitrary file deletion vulnerability has been identified in HP Support Assistant...

5.5CVSS

5.5AI Score

0.0004EPSS

2022-01-28 08:15 PM
62
cve
cve

CVE-2022-22289

Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive...

5.3CVSS

5.3AI Score

0.001EPSS

2022-01-10 02:12 PM
42
cve
cve

CVE-2021-44041

UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim's machine or capture NTLM credentials by supplying a networked or WebDAV...

9.8CVSS

9.6AI Score

0.003EPSS

2021-12-14 06:15 PM
29
cve
cve

CVE-2021-44042

An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed (when the injected content....

9.8CVSS

9.4AI Score

0.002EPSS

2021-12-14 06:15 PM
22
cve
cve

CVE-2021-43211

Windows 10 Update Assistant Elevation of Privilege...

5.5CVSS

5.7AI Score

0.0004EPSS

2021-11-24 01:15 AM
27
cve
cve

CVE-2021-42297

Windows 10 Update Assistant Elevation of Privilege...

5CVSS

5.4AI Score

0.0004EPSS

2021-11-24 01:15 AM
31
cve
cve

CVE-2021-0013

Improper input validation for Intel(R) EMA before version 1.5.0 may allow an unauthenticated user to potentially enable denial of service via network...

7.5CVSS

7.5AI Score

0.001EPSS

2021-11-17 08:15 PM
18
cve
cve

CVE-2021-29844

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other...

8.8CVSS

8.7AI Score

0.001EPSS

2021-10-27 04:15 PM
24
cve
cve

CVE-2021-36945

Windows 10 Update Assistant Elevation of Privilege...

7.3CVSS

7.3AI Score

0.001EPSS

2021-08-12 06:15 PM
78
cve
cve

CVE-2020-4974

IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID:...

6.3CVSS

6.3AI Score

0.001EPSS

2021-07-28 01:15 PM
21
4
Total number of security vulnerabilities189