Lucene search
+L

133 matches found

NVD
NVD
added 2024/04/17 5:15 a.m.14 views

CVE-2024-0868

The coreActivity: Activity Logging plugin for WordPress plugin before 2.1 retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value...

5.3CVSS6.6AI score0.00482EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/04/17 5:0 a.m.20 views

CVE-2024-0868 coreActivity < 2.1 - Unauthenticated IP Spoofing

The coreActivity: Activity Logging plugin for WordPress plugin before 2.1 retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value...

6.8AI score0.00482EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2023/03/28 12:0 a.m.9 views

SUSE: Security Advisory (SUSE-SU-2023:0868-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.1AI score0.20459EPSS
Exploits3References5
Circl
Circl
added 2023/02/23 6:18 p.m.6 views

CVE-2023-0868

creationtimestamp| type| source ---|---|--- 2023-02-23 18:18:20+00:00| seen| https://t.me/cibsecurity/58781...

6.7CVSS6.1AI score0.00442EPSS
Exploits0References1
CVE
CVE
added 2023/02/23 2:46 p.m.69 views

CVE-2023-0868

OpenNMS Meridian and Horizon are affected by a reflected cross-site scripting (XSS) vulnerability in graph results that can allow an attacker to steal session cookies. From the connected PT-2023-16572 advisory: OpenNMS Meridian versions prior to 2023.1.0 and OpenNMS Horizon versions prior to 31.0...

6.7CVSS6.1AI score0.00442EPSS
Exploits0References2Affected Software2
SUSE CVE
SUSE CVE
added 2023/02/15 5:41 a.m.3 views

SUSE CVE-2013-0868

libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and 1 unchecked return codes from the initvlc function and 2 "len==0 cases."...

9.3CVSS7.4AI score0.0393EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 9:34 p.m.29 views

Security Bulletin: IBM Process Mining is vulnerable to phishing attacks due to URI.js. CVE-2022-0868

Summary URI.js is used by IBM Process Mining. CVE-2022-0868. Vulnerability Details CVEID:CVE-2022-0868 DESCRIPTION: URI.js could allow a remote authenticated attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a...

8CVSS6.2AI score0.00707EPSS
Exploits1Affected Software1
Circl
Circl
added 2022/03/06 6:28 p.m.8 views

CVE-2022-0868

creationtimestamp| type| source ---|---|--- 2022-03-06 18:28:43+00:00| seen| https://t.me/cibsecurity/38496...

8CVSS6.9AI score0.00707EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/03/06 3:20 p.m.35 views

CVE-2022-0868 Open Redirect in medialize/uri.js

Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10...

8CVSS6.5AI score0.00707EPSS
Exploits1References2
CVE
CVE
added 2022/03/06 3:20 p.m.102 views

CVE-2022-0868

CVE-2022-0868 is an open redirect in medialize/uri.js prior to 1.19.10. Open redirect could allow a remote attacker to redirect victims to arbitrary sites via crafted URLs. Public metrics show base scores around 5.8–6.1 (NVD) and up to 8.0 in some sources depending on scope/age. Remediation: upgr...

8CVSS6.4AI score0.00707EPSS
Exploits1References2Affected Software1
Circl
Circl
added 2021/08/05 1:23 a.m.19 views

CVE-2013-0868

creationtimestamp| type| source ---|---|--- 2021-08-05 01:23:44+00:00| seen| https://t.me/cibsecurity/26862...

9.3CVSS6.5AI score0.0393EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2021/08/04 9:15 p.m.29 views

CVE-2021-38114

libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the initvlc function, a similar issue to CVE-2013-0868...

5.5CVSS6.8AI score0.01023EPSS
Exploits0References5
Cvelist
Cvelist
added 2021/08/04 8:15 p.m.43 views

CVE-2021-38114

libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the initvlc function, a similar issue to CVE-2013-0868...

7.5AI score0.01023EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2021/08/04 8:15 p.m.48 views

CVE-2021-38114

libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the initvlc function, a similar issue to CVE-2013-0868...

5.5CVSS7.5AI score0.01023EPSS
Exploits0
OpenVAS
OpenVAS
added 2021/06/15 12:0 a.m.25 views

openSUSE: Security Advisory for 389-ds (openSUSE-SU-2021:0868-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5CVSS6.8AI score0.01177EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.29 views

SUSE: Security Advisory (SUSE-SU-2012:0702-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.5AI score0.03625EPSS
Exploits1References3
Prion
Prion
added 2020/03/12 4:15 p.m.22 views

Privilege escalation

An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0868...

4.6CVSS7.7AI score0.00756EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2020/03/12 3:48 p.m.82 views

CVE-2020-0868

CVE-2020-0868 is a local elevation-of-privilege vulnerability in the Windows Update Orchestrator Service caused by improper file operations. The affected component is the Windows Update Orchestrator Service; the root cause is mishandling of file operations. According to sources, the CVE has a hig...

7.8CVSS8.5AI score0.00756EPSS
Exploits0References1Affected Software3
Veracode
Veracode
added 2019/05/02 4:41 a.m.31 views

Arbitrary Code Execution

PostgreSQL is an advanced object-relational database management system DBMS. The pgdump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL...

6.8CVSS6.5AI score0.03625EPSS
Exploits1References16Affected Software2
Prion
Prion
added 2019/04/09 9:29 p.m.17 views

Cross site scripting

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868,...

4.3CVSS5.9AI score0.02626EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder