| CVE | Vendors | Products | Updated | CVSS v3.1 |
| A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31 which could lead to a local disclosure of privileged information. HPE has provided an update to OneView Global Dashboard. The issue is resolved in 2.32. |
| A potential security vulnerability was identified in HPE iLO Amplifier Pack. The vulnerability could be remotely exploited to allow remote code execution. |
| A potential security vulnerability has been identified in HPE Superdome Flex server. A denial of service attack can be remotely exploited leaving hung connections to the BMC web interface. The monarch BMC must be rebooted to recover from this situation. Other BMC management is not impacted. HPE has made the following software update to resolve the vulnerability in HPE Superdome Flex Server: Superdome Flex Server Firmware 3.30.142 or later. |
| Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" option is set to true, which allows attackers to bypass the hostname whitelist for the iframe element, related to using an src value that starts with "/\\example.com". |
| Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain names (IDN), which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option. |
| In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the HTTP API located at /sgwebservice_o.php accepts a command argument. Using this command argument, an unauthenticated attacker can execute arbitrary shell commands. |
| Azure RTOS Information Disclosure Vulnerability |
| Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability |
| Windows HTTP.sys Elevation of Privilege Vulnerability |
| Microsoft Edge for Android Information Disclosure Vulnerability |
| Visual Studio Code Spoofing Vulnerability |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability |
| Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability |
| Azure Sphere Denial of Service Vulnerability |
| Azure Sphere Elevation of Privilege Vulnerability |
| Azure Sphere Information Disclosure Vulnerability |
| Microsoft Exchange Server Remote Code Execution Vulnerability |
| Windows TCP/IP Remote Code Execution Vulnerability |
| .NET Core and Visual Studio Denial of Service Vulnerability |