Lucene search
K

270 matches found

NVD
NVD
added 2025/01/02 3:15 p.m.7 views

CVE-2022-41995

Missing Authorization vulnerability in Galleryape Gallery Images Ape allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gallery Images Ape: from n/a through 2.2.8...

4.3CVSS0.00321EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/02 2:51 p.m.7 views

CVE-2022-41995 WordPress Photo Gallery – Image Gallery by Ape Plugin <= 2.2.8 is vulnerable to Broken Access Control

Missing Authorization vulnerability in Galleryape Gallery Images Ape allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gallery Images Ape: from n/a through 2.2.8...

4.3CVSS4.7AI score0.00321EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/02 12:0 a.m.5 views

WordPress plugin Gallery Images Ape 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

4.3CVSS6.6AI score0.00321EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/02 12:0 a.m.4 views

PT-2025-1366 · Unknown · Gallery Images Ape

Name of the Vulnerable Software and Affected Versions: Gallery Images Ape versions 2.2.8 and earlier Description: The issue is related to a Missing Authorization vulnerability in Galleryape Gallery Images Ape, which allows exploiting incorrectly configured access control security levels...

4.3CVSS6.9AI score0.00321EPSS
Exploits0References5
ICS
ICS
added 2024/07/09 12:0 a.m.71 views

Siemens RUGGEDCOM APE 1808

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.8CVSS6.8AI score0.03469EPSS
Exploits1References10
vulnersOsv
vulnersOsv
added 2024/04/25 7:53 p.m.3 views

ape-dasy (=0.1.0) potentially affected by CVE-2024-32481 via vyper (=0.3.9)

vyper PYPI version =0.3.9 is affected by a known vulnerability. The following packages have a transitive dependency on vyper and may be impacted: - ape-dasy =0.1.0 Source cves: CVE-2024-32481 Source advisory: OSV:GHSA-PPX5-Q359-PVWJ...

5.3CVSS6AI score0.00791EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/02/26 8:11 p.m.3 views

2vyper (=0.3.0), ape-dasy (=0.1.0) +28 more potentially affected by CVE-2024-24564 via vyper (>=0.1.0b12 <=0.3.9)

vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.6 and more Source cves: CVE-2024-24564 Source advisory: OSV:GHSA-4HWQ-4CPM-8VMX...

5.3CVSS5.5AI score0.00561EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/02/26 8:11 p.m.5 views

2vyper (=0.3.0), ape-dasy (=0.1.0) +28 more potentially affected by CVE-2024-26149 via vyper (>=0.1.0b12 <=0.3.9)

vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.6 and more Source cves: CVE-2024-26149 Source advisory: OSV:GHSA-9P8R-4XP4-GW5W...

5.3CVSS5.8AI score0.00542EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/01/19 4:19 p.m.5 views

ape-dasy (=0.1.0), ape-safe (=0.6.0) +21 more potentially affected by CVE-2024-22419 via vyper (>=0.3.0 <=0.3.9)

vyper PYPI version =0.3.0, =0.7.1, =0.5.0, =0.5.0, =0.2.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.17.0, =0.0.0, =2.1.6, =2.1.22 and more Source cves: CVE-2024-22419 Source advisory: OSV:GHSA-2Q8V-3GQQ-4F8P...

9.8CVSS7.2AI score0.0077EPSS
Exploits1
CNNVD
CNNVD
added 2023/12/22 12:0 a.m.6 views

MP3Gain Security Breach

MP3Gain is an audio volume control application. A security vulnerability exists in MP3Gain v1.6.2, which originated from allowing an attacker to cause a denial of service via the WriteMP3GainAPETag function...

7.5CVSS6.7AI score0.00681EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/12/22 12:0 a.m.38 views

Siemens Industrial Products Uncontrolled Resource Consumption (CVE-2019-11478)

Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. A remote attacker could cause a denial of service condition by sending specially crafted TCP Selective Acknowledgment SACK sequences to affected products. This plugin only works with Tenable.ot...

7.5CVSS6.7AI score0.94686EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/12/22 12:0 a.m.29 views

Siemens Industrial Products Uncontrolled Resource Consumption (CVE-2019-11479)

Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. An attacker with network access to affected products could cause a denial of service condition because of a vulnerability in the TCP retransmission queue implementation kernel when handling TCP...

7.5CVSS6.6AI score0.9166EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/09/26 12:0 a.m.22 views

Siemens InsydeH2O Classic Buffer Overflow (CVE-2022-24350)

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI function 0x17 verifies that the output buffer lies within the command buffer but does not verify that output data does not go beyond the end of the command buffer. In particular, the GetFlashTable function ...

5.5CVSS6.2AI score0.00178EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/09/26 12:0 a.m.24 views

Siemens InsydeH2O Improper Input Validation (CVE-2022-35896)

An issue SMM memory leak vulnerability in SMM driver SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM, leading to information disclosure. Insyde...

6CVSS6.2AI score0.00311EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/09/26 12:0 a.m.20 views

Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32953)

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the SdHostDriver buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU...

7CVSS7.5AI score0.00132EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/09/26 12:0 a.m.20 views

Siemens InsydeH2O Cleartext Storage of Sensitive Information (CVE-2023-31041)

An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure. Insyde BIOS is typically used in RUGGEDCOM APE products and some SIMATIC devices...

7.5CVSS7.3AI score0.00305EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/09/26 12:0 a.m.17 views

Siemens InsydeH2O Out-of-bounds Write (CVE-2022-24031)

An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. Insyde BIOS is typically used in...

8.2CVSS7.8AI score0.00279EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/09/26 12:0 a.m.22 views

Siemens InsydeH2O Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2021-33625)

An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate function of the EFISMMCOMMUNICATIONPROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses. Insyde BIO...

7.5CVSS7.6AI score0.00314EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/09/26 12:0 a.m.19 views

Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32474)

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigat...

7CVSS7.4AI score0.00132EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/09/26 12:0 a.m.37 views

Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32477)

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FvbServicesRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated...

7CVSS7.6AI score0.00132EPSS
Exploits0References4
Rows per page
Query Builder