133 matches found
CVE-2024-0868
The coreActivity: Activity Logging plugin for WordPress plugin before 2.1 retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value...
CVE-2024-0868 coreActivity < 2.1 - Unauthenticated IP Spoofing
The coreActivity: Activity Logging plugin for WordPress plugin before 2.1 retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value...
SUSE: Security Advisory (SUSE-SU-2023:0868-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-0868
creationtimestamp| type| source ---|---|--- 2023-02-23 18:18:20+00:00| seen| https://t.me/cibsecurity/58781...
CVE-2023-0868
OpenNMS Meridian and Horizon are affected by a reflected cross-site scripting (XSS) vulnerability in graph results that can allow an attacker to steal session cookies. From the connected PT-2023-16572 advisory: OpenNMS Meridian versions prior to 2023.1.0 and OpenNMS Horizon versions prior to 31.0...
SUSE CVE-2013-0868
libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and 1 unchecked return codes from the initvlc function and 2 "len==0 cases."...
Security Bulletin: IBM Process Mining is vulnerable to phishing attacks due to URI.js. CVE-2022-0868
Summary URI.js is used by IBM Process Mining. CVE-2022-0868. Vulnerability Details CVEID:CVE-2022-0868 DESCRIPTION: URI.js could allow a remote authenticated attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a...
CVE-2022-0868
creationtimestamp| type| source ---|---|--- 2022-03-06 18:28:43+00:00| seen| https://t.me/cibsecurity/38496...
CVE-2022-0868 Open Redirect in medialize/uri.js
Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10...
CVE-2022-0868
CVE-2022-0868 is an open redirect in medialize/uri.js prior to 1.19.10. Open redirect could allow a remote attacker to redirect victims to arbitrary sites via crafted URLs. Public metrics show base scores around 5.8–6.1 (NVD) and up to 8.0 in some sources depending on scope/age. Remediation: upgr...
CVE-2013-0868
creationtimestamp| type| source ---|---|--- 2021-08-05 01:23:44+00:00| seen| https://t.me/cibsecurity/26862...
CVE-2021-38114
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the initvlc function, a similar issue to CVE-2013-0868...
CVE-2021-38114
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the initvlc function, a similar issue to CVE-2013-0868...
CVE-2021-38114
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the initvlc function, a similar issue to CVE-2013-0868...
openSUSE: Security Advisory for 389-ds (openSUSE-SU-2021:0868-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE: Security Advisory (SUSE-SU-2012:0702-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Privilege escalation
An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0868...
CVE-2020-0868
CVE-2020-0868 is a local elevation-of-privilege vulnerability in the Windows Update Orchestrator Service caused by improper file operations. The affected component is the Windows Update Orchestrator Service; the root cause is mishandling of file operations. According to sources, the CVE has a hig...
Arbitrary Code Execution
PostgreSQL is an advanced object-relational database management system DBMS. The pgdump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL...
Cross site scripting
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868,...