19 matches found
CVE-2019-20521
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI...
CVE-2020-20521
Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter...
CVE-2022-20521
creationtimestamp: 2025-04-23 20:04:42+00:00 | type: seen | source: https://t.me/DarkWebInformerCVEAlerts/13133...
SUSE-SU-2024:2376-1 Security update for kernel-firmware
This update for kernel-firmware fixes the following issues: Update AMD ucode to 20231030 bsc1215831: - CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. - CVE-2021-46774: Insufficient...
CVE-2023-20521
creationtimestamp: 2024-02-13 21:31:42+00:00 | type: seen | source: https://t.me/ctinow/184224...
SUSE: Security Advisory (SUSE-SU-2023:4665-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2023:4654-1)
The remote host is missing an update for the...
CVE-2023-20521
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service...
CVE-2023-20521
CVE-2023-20521 describes a TOCTOU flaw in the AMD ASP Bootloader that could let an attacker with physical access tamper with SPI ROM records after memory verification, risking confidentiality loss and potential DoS. Connected sources (SUSE kernel-firmware updates and AMD/SUSE advisories) confirm this ...
AMD Server Vulnerabilities – Nov 2023
Bulletin ID: AMD-SB-3002. Potential Impact: Varies by CVE, see descriptions below. Severity: Varies by CVE, see descriptions below. Summary: Potential vulnerabilities in the AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), AMD Secure Encrypted...
CVE-2020-20521
Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter...
CVE-2020-20521
Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter...
CVE-2020-20521
Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter...
CVE-2020-20521
CVE-2020-20521 is a Cross Site Scripting vulnerability in KiteCMS v1.1 that enables a remote attacker to execute arbitrary code via the comment parameter. The CVSS v3.1 base score is 6.1 (Medium); attack vector Network, user interaction Required, with a Changed scope and Confidentiality/Integrity...
CVE-2022-20521
In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...
CVE-2022-20521
CVE-2022-20521 concerns a Bluetooth DoS in Android 13 caused by a missing null check in sdpu_find_most_specific_service_uuid (sdp_utils.cc). The vulnerability can crash Bluetooth, leading to local denial of service with no additional privileges required; exploitation requires user interaction. Do...
CVE-2019-20521
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI...
CVE-2019-20521
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI...
CVE-2019-20521
CVE-2019-20521 affects ERPNext 11.1.47, where a reflected XSS vulnerability can be triggered via PATH_INFO to the api/ URI. The connected documents confirm the existence of this reflected XSS issue and its target product/version, but do not provide concrete exploitation details, specific vulnerab...