CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-39427 – Ashlar-Vellum Cobalt, Xenon, Argon, Lithium Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2023-39427
26 Oct 2023 — In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. En Ashlar-Vellum Cobalt, Xenon, Argon, Lithium y Cobalt Share v12 SP0 Build (1204.77), las aplicaciones afectadas carecen de una validación adecuada de los datos proporcionad... • https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-03 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-14010 – Xenon - Bootstrap Admin Theme with AngularJS <= 1.3 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-14010
26 Mar 2020 — The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via the data/typeahead-generate.php q (aka name) parameter. El tema Laborator Xenon versión 1.3 para WordPress, permite un ataque de tipo XSS Reflejado por medio del parámetro q del archivo data/typeahead-generate.php (también se conoce como name) • https://knassar702.github.io/cve/xenon • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0CVE-2017-4952
https://notcve.org/view.php?id=CVE-2017-4952
02 May 2018 — VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure. VMware Xenon en versiones 1.x anteriores a la 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1 y 1.5.4_8, contiene una vulnerabilidad de omisión de autenticación debid... • http://seclists.org/oss-sec/2018/q1/153 • CWE-732: Incorrect Permission Assignment for Critical Resource •