An attacker can leverage this vulnerability to execute code in the context of root. This issue appears to have been corrected in version 18.08.1. On successful exploitation an attacker can steal authentication information of the user, such as data relating to his or her current session and limitedly impact confidentiality and integrity of the application, leading to Reflected Cross Site Scripting. An unauthenticated, remote attacker could craft malformed packets with specific parameters and send the packets to the affected products. This vulnerability affected SonicOS Gen 5 version 18.104.22.168, 22.214.171.124, Gen 6 version 126.96.36.199, 188.8.131.52, 184.108.40.206, SonicOSv 6.5.4.v and Gen 7 version SonicOS 220.127.116.11. PHP error logs are stored in an open directory (/include/logs) using predictable file names, which can lead to full path disclosure and leakage of sensitive data. A remote attacker may be able to cause a denial of service. WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. This vulnerability appears to have been fixed in 1.14. The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 18.104.22.168) does not validate (escape) the path information (path traversal), which allows an authenticated remote attacker to get access to privileged information (e.g., /etc/passwd) via path traversal (relative path information in the file parameter of the corresponding POST request). Possible scenarios may involve changing bank accounts or setting passwords. HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versions earlier than 10.1.0.160(C01E160R2P8) have a buffer overflow vulnerability. This issue does not occur when the device is deployed in Stand Alone configuration. A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that may have allowed an authenticated user with a low permission level to access resources & make changes they should not have been able to access. WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. Authentication is not required to exploit this vulnerability. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. There is Stored XSS via the optional message field of a file request. iball -- 300m_2-port_wireless-n_broadband_router_firmware. It might allow an attacker to cause Denial of Service or leak memory data into dump content. NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php. A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This is also exploitable via CSRF. An attacker can exploit this issues to gain access to sensitive information that may aid in further attacks. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-158833854, In setUpdatableDriverPath of GpuService.cpp, there is a possible memory corruption due to a missing permission check. This vulnerability affected SonicOS Gen 6 version 22.214.171.124, 126.96.36.199, SonicOSv 6.5.4.v and Gen 7 version 188.8.131.52. A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup. In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. On the client, ID token handling can cause an unhandled exception because of misinterpretation of an integer as a string, resulting in denial-of-service and then other users can no longer login/sign-in to the affected third-party service. A local user may be able to leak sensitive user information. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. foliovision -- fb_flowplayer_video_player. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01. This vulnerability appears to have been fixed in 2.3.0. Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user's workstation using crafted ZED! A code execution vulnerability exists in the kdu_buffered_expand function of the Kakadu SDK 7.9. This issue is limited to the processing of IPv6 NDP packets. A memory corruption issue was addressed by removing the vulnerable code.