Themis Solutions, Inc. Security Vulnerabilities
In flashc, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID:...
6.5AI Score
0.0004EPSS
In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID:...
6AI Score
0.0004EPSS
9.8CVSS
9.5AI Score
0.001EPSS
A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. A flaw in the firmware build process did not properly restrict access to a resource from an unauthorized...
6.6AI Score
0.0004EPSS
Memory corruption when IPC callback handle is used after it has been released during register callback by another...
6.7CVSS
7.5AI Score
0.0004EPSS
Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential...
6.9AI Score
0.0004EPSS
A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...
7.8CVSS
7.1AI Score
0.0005EPSS
An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the...
A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql. It has been declared as critical. This vulnerability affects the function __construct/select_single_rna/count_rna of the file inc/model.php. The manipulation leads to sql injection. The patch is identified as...
9.8CVSS
6.9AI Score
0.002EPSS
RHEL 8 : kpatch-patch (RHSA-2024:3805)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3805 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security...
7.8CVSS
7.4AI Score
0.002EPSS
RHEL 8 : booth (RHSA-2024:3657)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3657 advisory. The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision...
5.9CVSS
6.8AI Score
0.001EPSS
Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed...
6.7AI Score
0.007EPSS
A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be...
6.8AI Score
0.0004EPSS
In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541769; Issue ID:...
6AI Score
0.0004EPSS
In audio, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08024748; Issue ID:...
6.1AI Score
0.0004EPSS
In battery, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587865; Issue ID:...
5.9AI Score
0.0004EPSS
In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID:...
6AI Score
0.0004EPSS
Memory corruption when size of buffer from previous call is used without validation or...
8.4CVSS
7.3AI Score
0.001EPSS
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to...
7.1CVSS
6.6AI Score
0.0004EPSS
Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to....
7.5CVSS
6.5AI Score
0.0004EPSS
5.9CVSS
7.1AI Score
0.0004EPSS
Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is...
7.5CVSS
6.9AI Score
0.0005EPSS
Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP...
7.5CVSS
6.8AI Score
0.0004EPSS
Memory corruption while loading a VM from a signed VM image that is not coherent in the processor...
8.4CVSS
7AI Score
0.001EPSS
The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access.....
6.4CVSS
5.9AI Score
0.0004EPSS
Grafana folders admin only permission privilege escalation
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-36062 that affects Grafana instances which are using Grafana role-based access control (RBAC). Release 9.1.6, latest patch, also containing security fix: Download Grafana.....
7.6CVSS
4.4AI Score
0.001EPSS
Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services...
7.5CVSS
7.5AI Score
0.0004EPSS
In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08698617; Issue ID:...
6AI Score
0.0004EPSS
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541780; Issue ID:...
7AI Score
0.0004EPSS
In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID:...
5.9AI Score
0.0004EPSS
In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID:...
6.9AI Score
0.0004EPSS
In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation Patch ID: ALPS08518692; Issue ID:...
6AI Score
0.0004EPSS
In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541746; Issue ID:...
5.9AI Score
0.0004EPSS
7.3CVSS
7.1AI Score
0.0005EPSS
Memory corruption when the channel ID passed by user is not validated and further...
7.8CVSS
7.1AI Score
0.0004EPSS
jQuery File Upload Plugin Unrestricted file upload vulnerability
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute....
9.8CVSS
8.4AI Score
0.931EPSS
In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08583919; Issue ID:...
7AI Score
0.0004EPSS
In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID:...
7AI Score
0.0004EPSS
Memory corruption while querying module parameters from Listen Sound model client in kernel from user...
6.7CVSS
6.9AI Score
0.0004EPSS
Transient DOS while processing SMS container of non-standard size received in DL NAS transport in...
7.5CVSS
6.8AI Score
0.0005EPSS
Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the...
6.2AI Score
0.006EPSS
Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the...
5.8AI Score
0.006EPSS
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfe_svg_mime_types’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
6.4CVSS
5.9AI Score
0.001EPSS
RHEL 8 : kernel (RHSA-2020:2429)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2429 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Kernel: NetLabel: null pointer...
7.8CVSS
8AI Score
0.008EPSS
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in...
5.4CVSS
6.1AI Score
0.0005EPSS
Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its...
7.8CVSS
6.6AI Score
0.0005EPSS
RHEL 8 : pki-core (RHSA-2024:4164)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4164 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * dogtag ca:...
7.5CVSS
7.7AI Score
0.0004EPSS
The remote host is missing one or more known mitigation(s) on Linux Kernel side for the...
5.6CVSS
6.8AI Score
0.001EPSS
Missing Linux Kernel mitigations for 'Spectre variant 1' hardware vulnerabilities
The remote host is missing one or more known mitigation(s) on Linux Kernel side for the...
5.6CVSS
6.9AI Score
0.976EPSS
Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed...
6.7AI Score
0.007EPSS