Screen Security Vulnerabilities

CVE-2023-47182

Cross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scripting (XSS) vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin <= 3.5.2...

8.8CVSS

7.4AI Score

0.001EPSS

2023-11-06 10:15 AM

CVE-2023-5243

The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

4.8CVSS

4.9AI Score

0.0004EPSS

2023-10-31 02:15 PM

CVE-2023-31167

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows Relative Path Traversal. SEL acSELerator Bay Screen Builder software is distributed by SEL-5033 SEL....

8.1CVSS

8AI Score

0.001EPSS

2023-08-31 04:15 PM

CVE-2023-25755

Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerable to improper restriction of operations within the bounds of a memory buffer (CWE-119) due to improper check of its data size when processing a project file. If a user of Screen Creator Advance 2 opens a specially crafted...

7.8CVSS

7.7AI Score

0.001EPSS

2023-04-11 09:15 AM

CVE-2023-24626

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target...

6.5CVSS

5.9AI Score

0.001EPSS

2023-04-08 05:15 AM

CVE-2022-27648

This vulnerability allows remote attackers to execute arbitrary code on affected installations of KOYO Screen Creator 0.1.1.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS

7.8AI Score

0.002EPSS

2023-03-29 07:15 PM

CVE-2023-22353

Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing control management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information...

7.8CVSS

7.5AI Score

0.001EPSS

2023-02-13 02:21 AM

CVE-2023-22360

Use-after free vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process even when an error was detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or...

7.8CVSS

7.6AI Score

0.001EPSS

2023-02-13 02:21 AM

CVE-2023-22350

Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing parts management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information...

7.8CVSS

7.5AI Score

0.001EPSS

2023-02-13 02:21 AM

CVE-2023-22349

Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing screen management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information...

7.8CVSS

7.5AI Score

0.001EPSS

2023-02-13 02:21 AM

CVE-2023-22347

Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing file structure information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information...

7.8CVSS

7.5AI Score

0.001EPSS

2023-02-13 02:21 AM

CVE-2023-22346

Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing template information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure.....

7.8CVSS

7.5AI Score

0.001EPSS

2023-02-13 02:21 AM

CVE-2023-22345

Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process when out of specification errors are detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information...

7.8CVSS

7.6AI Score

0.001EPSS

2023-02-13 02:21 AM

CVE-2022-36441

An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gboard used by different applications can be used to launch and use several other applications that are restricted by the...

7.1CVSS

6.8AI Score

0.0004EPSS

2023-01-10 09:15 PM

CVE-2022-36443

An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels (wireless and SD card) but it is still possible to use a physical connection (Ethernet cable) without...

7.8CVSS

7.3AI Score

0.0004EPSS

2023-01-10 09:15 PM

CVE-2022-36442

An issue was discovered in Zebra Enterprise Home Screen 4.1.19. By using the embedded Google Chrome application, it is possible to install an unauthorized application via a downloaded...

5.5CVSS

5.2AI Score

0.0004EPSS

2023-01-10 09:15 PM

CVE-2022-2169

The Loading Page with Loading Screen WordPress plugin before 1.0.83 does not escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is...

4.8CVSS

4.8AI Score

0.001EPSS

2022-07-17 11:15 AM

CVE-2022-24140

IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot sends HTTP requests in their update procedure in order to download a config file. After downloading the config file, the products will parse the HTTP location of the update from the file...

6.6CVSS

7AI Score

0.005EPSS

2022-07-06 01:15 PM

CVE-2022-29518

Screen Creator Advance2, HMI GC-A2 series, and Real time remote monitoring and control tool Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01, HMI GC-A2 series(GC-A22W-CW, GC-A24W-C(W), GC-A26W-C(W), GC-A24, GC-A24-M, GC-A25, GC-A26, and GC-A26-J2), and Real time remote monitoring and.....

7CVSS

7AI Score

0.0004EPSS

2022-05-18 03:15 PM

CVE-2020-14107

A stack overflow in the HTTP server of Cast can be exploited to make the app crash in...

7.5CVSS

7.6AI Score

0.001EPSS

2022-01-18 05:15 PM

CVE-2021-34409

It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post-...

7.8CVSS

7.6AI Score

0.0004EPSS

2021-12-14 12:00 AM

CVE-2021-26937

encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character...

9.8CVSS

9.6AI Score

0.015EPSS

2021-02-09 08:15 PM

CVE-2020-9366

A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other...

9.8CVSS

9.9AI Score

0.004EPSS

2020-02-24 05:15 PM

CVE-2019-9833

The Screen Stream application through 3.0.15 for Android allows remote attackers to cause a denial of service via many simultaneous /start-stop...

7.5CVSS

7.3AI Score

0.078EPSS

2019-03-15 05:29 PM

CVE-2018-8885

screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a PolicyKitService._check_permission...

7CVSS

6.5AI Score

0.0004EPSS

2018-03-28 08:29 PM

CVE-2017-16747

An Out-of-bounds Write issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Specially crafted .dpb files may cause the system to write outside the intended buffer...

7.8CVSS

7.6AI Score

0.001EPSS

2018-03-15 11:29 PM

CVE-2017-16745

A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vulnerability may allow an attacker to execute remote code when processing specially crafted .dpb...

7.8CVSS

7.8AI Score

0.001EPSS

2018-03-15 11:29 PM

CVE-2017-16751

A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dpb files may allow an attacker to remotely execute arbitrary...

7.8CVSS

8.1AI Score

0.001EPSS

2018-03-15 11:29 PM

CVE-2017-16749

A Use-after-Free issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Specially crafted .dpb files could exploit a use-after-free...

7.8CVSS

7.5AI Score

0.001EPSS

2018-03-15 11:29 PM

CVE-2017-5618

GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile...

7.8CVSS

7.4AI Score

0.0004EPSS

2017-03-20 04:59 PM

CVE-2015-6806

The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count...

6.3AI Score

0.061EPSS

2015-09-28 08:59 PM

CVE-2014-8757

LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a crafted...

6.8AI Score

0.013EPSS

2015-02-17 03:59 PM

CVE-2014-7570

The Fire Equipments Screen lock (aka com.locktheworld.screen.lock.theme.FireEquipments) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

6AI Score

0.0005EPSS

2014-10-20 10:55 AM

CVE-2014-7086

The Killer Screen lock (aka com.cc.theme.shashou) application 0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

6AI Score

0.0005EPSS

2014-10-19 01:55 AM

CVE-2009-1215

Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary...

6.3AI Score

0.0004EPSS

2009-04-01 10:30 AM

CVE-2009-1214

GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session...

6.1AI Score

0.0004EPSS

2009-04-01 10:30 AM

CVE-2007-3048

GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this...

6.3AI Score

0.0004EPSS

2007-06-05 11:30 PM

CVE-2006-4573

Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8...

7.5AI Score

0.048EPSS

2006-10-24 06:07 PM

CVE-2002-1602

Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary...

7.2AI Score

0.0004EPSS

2005-03-25 05:00 AM

CVE-2003-0972

Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer...

7.1AI Score

0.003EPSS

2003-12-15 05:00 AM

CVE-2001-0007

Buffer overflow in NetScreen Firewall WebUI allows remote attackers to cause a denial of service via a long URL request to the web administration...

6.9AI Score

0.02EPSS

2002-03-09 05:00 AM

CVE-1999-1400

The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer while the screen is still...

6.7AI Score

0.001EPSS

2001-09-12 04:00 AM

CVE-1999-1454

Macromedia "The Matrix" screen saver on Windows 95 with the "Password protected" option enabled allows attackers with physical access to the machine to bypass the password prompt by pressing the ESC (Escape)...

6.9AI Score

0.001EPSS

2001-09-12 04:00 AM

CVE-2000-0901

Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbell_msg initialization...

7AI Score

0.0004EPSS

2001-01-22 05:00 AM