270 matches found
CVE-2022-41995
Missing Authorization vulnerability in Galleryape Gallery Images Ape allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gallery Images Ape: from n/a through 2.2.8...
CVE-2022-41995 WordPress Photo Gallery – Image Gallery by Ape Plugin <= 2.2.8 is vulnerable to Broken Access Control
Missing Authorization vulnerability in Galleryape Gallery Images Ape allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gallery Images Ape: from n/a through 2.2.8...
WordPress plugin Gallery Images Ape 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...
PT-2025-1366 · Unknown · Gallery Images Ape
Name of the Vulnerable Software and Affected Versions: Gallery Images Ape versions 2.2.8 and earlier Description: The issue is related to a Missing Authorization vulnerability in Galleryape Gallery Images Ape, which allows exploiting incorrectly configured access control security levels...
Siemens RUGGEDCOM APE 1808
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
ape-dasy (=0.1.0) potentially affected by CVE-2024-32481 via vyper (=0.3.9)
vyper PYPI version =0.3.9 is affected by a known vulnerability. The following packages have a transitive dependency on vyper and may be impacted: - ape-dasy =0.1.0 Source cves: CVE-2024-32481 Source advisory: OSV:GHSA-PPX5-Q359-PVWJ...
2vyper (=0.3.0), ape-dasy (=0.1.0) +28 more potentially affected by CVE-2024-24564 via vyper (>=0.1.0b12 <=0.3.9)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.6 and more Source cves: CVE-2024-24564 Source advisory: OSV:GHSA-4HWQ-4CPM-8VMX...
2vyper (=0.3.0), ape-dasy (=0.1.0) +28 more potentially affected by CVE-2024-26149 via vyper (>=0.1.0b12 <=0.3.9)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.6 and more Source cves: CVE-2024-26149 Source advisory: OSV:GHSA-9P8R-4XP4-GW5W...
ape-dasy (=0.1.0), ape-safe (=0.6.0) +21 more potentially affected by CVE-2024-22419 via vyper (>=0.3.0 <=0.3.9)
vyper PYPI version =0.3.0, =0.7.1, =0.5.0, =0.5.0, =0.2.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.17.0, =0.0.0, =2.1.6, =2.1.22 and more Source cves: CVE-2024-22419 Source advisory: OSV:GHSA-2Q8V-3GQQ-4F8P...
MP3Gain Security Breach
MP3Gain is an audio volume control application. A security vulnerability exists in MP3Gain v1.6.2, which originated from allowing an attacker to cause a denial of service via the WriteMP3GainAPETag function...
Siemens Industrial Products Uncontrolled Resource Consumption (CVE-2019-11478)
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. A remote attacker could cause a denial of service condition by sending specially crafted TCP Selective Acknowledgment SACK sequences to affected products. This plugin only works with Tenable.ot...
Siemens Industrial Products Uncontrolled Resource Consumption (CVE-2019-11479)
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. An attacker with network access to affected products could cause a denial of service condition because of a vulnerability in the TCP retransmission queue implementation kernel when handling TCP...
Siemens InsydeH2O Classic Buffer Overflow (CVE-2022-24350)
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI function 0x17 verifies that the output buffer lies within the command buffer but does not verify that output data does not go beyond the end of the command buffer. In particular, the GetFlashTable function ...
Siemens InsydeH2O Improper Input Validation (CVE-2022-35896)
An issue SMM memory leak vulnerability in SMM driver SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM, leading to information disclosure. Insyde...
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32953)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the SdHostDriver buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU...
Siemens InsydeH2O Cleartext Storage of Sensitive Information (CVE-2023-31041)
An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure. Insyde BIOS is typically used in RUGGEDCOM APE products and some SIMATIC devices...
Siemens InsydeH2O Out-of-bounds Write (CVE-2022-24031)
An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. Insyde BIOS is typically used in...
Siemens InsydeH2O Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2021-33625)
An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate function of the EFISMMCOMMUNICATIONPROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses. Insyde BIO...
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32474)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigat...
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32477)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FvbServicesRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated...