81 matches found
RHCOS 2 : Red Hat OpenShift Enterprise 2.2.7 (RHSA-2015:1844)
The remote Red Hat Enterprise Linux CoreOS 2 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1844 advisory. - jenkins: Combination filter Groovy script unsecured (SECURITY-125) (CVE-2015-1806) - jenkins: directory traversal from artifacts via...
MiracleLinux 3 : drupal-6.8-2AXS3 (AXSA:2009-68:02)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2009-68:02 advisory. Drupal is a free software package that allows an individual or a community of users to easily publish, manage and organize a wide variety of content on a...
CVE-2023-1844
The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40. This makes it possible for author-level attackers to send emails with arbitrary content and attachmen...
CVE-2020-1844
Huawei PCManager versions earlier than 10.0.5.51 have a privilege escalation vulnerability. An authenticated, local attacker can perform a specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege...
CVE-2011-1844
Memory leak in Microsoft Silverlight 4 before 4.0.60310.0 allows remote attackers to cause a denial of service (memory consumption) via an application involving a popup control and a custom DependencyProperty property, related to lack of garbage collection...
CVE-2002-1844
Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges...
CVE-2025-1844
creationtimestamp | type | source
---|---|---
2025-03-03 02:29:28+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/6131
2025-03-03 05:30:11+00:00 | seen | https://t.me/cvedetector/19301
2025-08-19 18:29:28+00:00 | seen | MISP/1e8d1b5a-3537-4a30-907d-acb1720bbd18...
CVE-2025-1844
CVE-2025-1844 affects ESAFENET CDG 5.6.3.154.205_20250114. The flaw is a SQL injection in the file /CDGServer3/logManagement/backupLogDetail.jsp, caused by manipulating the logTaskId parameter. It is remotely exploitable over the network, with public exploit disclosure noted in the sources. The v...
SUSE: Security Advisory (SUSE-SU-2024:1844-1)
The remote host is missing an update for the...
CVE-2024-1844
CVE-2024-1844 (RevivePress plugin) Vulnerability in RevivePress – Keep your Old Content Evergreen for WordPress (up to version 1.5.6) due to missing capability checks in import_data and copy_data. This enables authenticated attackers with subscriber-level access or higher to view and modify plugi...
WordPress RevivePress Plugin <= 1.5.6 is vulnerable to Broken Access Control
Software: RevivePress; Type: Plugin; Vulnerable versions: <= 1.5.6; Fixed in: 1.5.6.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1844; Patch priority: Low; CVSS severity: Low (4.3); PSID: 1928554db9aa; Credits: Lucio Sá; Required privilege...
Amazon Linux AMI : ImageMagick (ALAS-2023-1844)
The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1.29. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1844 advisory. A vulnerability was found in ImageMagick. This issue occurs as an undefined behavior, casting double to size_t in svg, mvg...
CVE-2023-1844
creationtimestamp | type | source
---|---|---
2023-06-28 07:12:33+00:00 | seen | https://t.me/cibsecurity/65595...
CVE-2023-1844
The CVE-2023-1844 entry concerns the WordPress plugin Subscribe2. The vulnerability arises from a missing capability check when sending test emails, enabling author-level attackers to send emails with arbitrary content/attachments to site users in versions up to and including 10.40. The impact is...
WordPress Subscribe2 Plugin <= 10.40 is vulnerable to Broken Access Control
Software: Subscribe2; Type: Plugin; Vulnerable versions: <= 10.40; Fixed in: 10.41; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-1844; Patch priority: Low; CVSS severity: Low (4.3); PSID: 3c2b898b697a; Credits: Marco Wotschka; Required privilege...
Important: webkitgtk4
Issue Overview: A logic issue was addressed with improved state management. CVE-2020-22592 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2,...
Security Bulletin: TS3310 Tape Library contains pre-configured default accounts (CVE-2012-1844)
Abstract Security Vulnerability in the TS3310 Tape Library. The tape library ships with certain pre-configured default accounts that have fixed passwords. A remote unauthorized user with knowledge of these accounts/passwords could use them to gain unauthorized access to the tape library. Content...
Amazon Linux 2 : python-bottle (ALAS-2022-1844)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1844 advisory. Bottle before 0.12.20 mishandles errors during early request binding. CVE-2022-31799 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that...
CVE-2022-1844
The WP Sentry WordPress plugin through 1.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well...