Assistant Security Vulnerabilities
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow command injection by authenticated users, aka...
8.8CVSS
8.8AI Score
0.001EPSS
A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function delete_file in the library dbus.SystemBus of the component Arbitrary File Handler. The manipulation leads to improper access controls. It is possible to launch.....
7.1CVSS
6.9AI Score
0.0004EPSS
A vulnerability classified as critical has been found in KylinSoft youker-assistant on KylinOS. Affected is the function restore_all_sound_file. The manipulation leads to path traversal: '../filedir'. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.....
7.8CVSS
7.6AI Score
0.0004EPSS
Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticated user to potentially enable denial of service via local...
5.5CVSS
5.3AI Score
0.0004EPSS
Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC before version 2.4 software may allow an authenticated user to potentially enable denial of service via local...
5.5CVSS
5.3AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veragroup Mobile Assistant allows SQL Injection.This issue affects Mobile Assistant: before...
9.8CVSS
9.7AI Score
0.001EPSS
A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function adjust_cpufreq_scaling_governer. The manipulation leads to os command injection. It is possible to launch the attack on the local host. The exploit has been...
7.8CVSS
8AI Score
0.001EPSS
homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older....
10CVSS
9.4AI Score
0.034EPSS
The Media Library Assistant WordPress plugin before 3.06 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as...
7.2CVSS
7.3AI Score
0.001EPSS
Improper neutralization in the Intel(R) EMA software before version 1.8.1.0 may allow a privileged user to potentially enable escalation of privilege via network...
5.3CVSS
5.6AI Score
0.0004EPSS
Description: Race condition in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local...
7.5CVSS
7AI Score
0.0004EPSS
Protection mechanism failure in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.7AI Score
0.0004EPSS
Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified...
7.8CVSS
7.7AI Score
0.001EPSS
Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of...
7.8CVSS
7.9AI Score
0.0004EPSS
Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of...
7.8CVSS
7.9AI Score
0.0004EPSS
Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of...
7.8CVSS
7.9AI Score
0.0004EPSS
A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to...
9.8CVSS
9.7AI Score
0.001EPSS
HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance...
7.8CVSS
7.5AI Score
0.001EPSS
Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on...
5.3CVSS
5.2AI Score
0.001EPSS
Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged user to potentially enable escalation of privilege via local...
7.8CVSS
7.4AI Score
0.0004EPSS
Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network...
8.8CVSS
8.8AI Score
0.001EPSS
Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the Designer, opens port 7358 for interprocess communication, which allows remote attackers to open arbitrary HTML pages and cause a denial of...
7AI Score
0.007EPSS
The WIL-A module in Cisco TelePresence VX Clinical Assistant 1.2 before 1.21 changes the admin password to an empty password upon a reboot, which makes it easier for remote attackers to obtain access via the administrative interface, aka Bug ID...
6.9AI Score
0.003EPSS
Improper access control in the Intel(R) DSA software for before version 22.2.14 may allow an authenticated user to potentially enable escalation of privilege via adjacent...
8CVSS
8AI Score
0.0004EPSS
IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted.....
5.4CVSS
5.2AI Score
0.001EPSS
IBM Engineering Requirements Quality Assistant On-Premises (All versions) could allow an authenticated user to obtain sensitive information due to improper client side validation. IBM X-Force ID:...
6.5CVSS
6AI Score
0.001EPSS
IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted.....
5.4CVSS
5.2AI Score
0.001EPSS
IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force Id:...
6.5CVSS
6.4AI Score
0.001EPSS
The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on GitHub allows absolute path traversal because the Flask send_file function is used...
9.3CVSS
9.3AI Score
0.002EPSS
Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the...
6.5CVSS
6.3AI Score
0.001EPSS
7.8CVSS
7.9AI Score
0.005EPSS
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it...
IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID:...
6.5CVSS
6.4AI Score
0.001EPSS
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver...
7.5CVSS
7.4AI Score
0.003EPSS
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant...
7.8CVSS
7.8AI Score
0.001EPSS
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant...
5.5CVSS
5.7AI Score
0.001EPSS
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant...
7.8CVSS
7.8AI Score
0.001EPSS
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant...
7.8CVSS
7.8AI Score
0.001EPSS
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant...
7.8CVSS
7.8AI Score
0.001EPSS
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant...
7.8CVSS
7.8AI Score
0.001EPSS
Potential arbitrary file deletion vulnerability has been identified in HP Support Assistant...
5.5CVSS
5.5AI Score
0.0004EPSS
Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive...
5.3CVSS
5.3AI Score
0.001EPSS
UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim's machine or capture NTLM credentials by supplying a networked or WebDAV...
9.8CVSS
9.6AI Score
0.003EPSS
An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed (when the injected content....
9.8CVSS
9.4AI Score
0.002EPSS
5.5CVSS
5.7AI Score
0.0004EPSS
5CVSS
5.4AI Score
0.0004EPSS
Improper input validation for Intel(R) EMA before version 1.5.0 may allow an unauthenticated user to potentially enable denial of service via network...
7.5CVSS
7.5AI Score
0.001EPSS
IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other...
8.8CVSS
8.7AI Score
0.001EPSS
7.3CVSS
7.3AI Score
0.001EPSS
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID:...
6.3CVSS
6.3AI Score
0.001EPSS