101 matches found
SUSE CVE-2020-21840
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bitsearchsentinel ../../src/bits.c:1985...
WordPress Download Manager Plugin <= 3.2.42 XSS Vulnerability
The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2022-1985
creationtimestamp| type| source ---|---|--- 2022-06-13 16:16:51+00:00| seen| https://t.me/cibsecurity/44264...
CVE-2022-1985
The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the 'frameid' parameter found in the /src/Package/views/shortcode-iframe.php file...
CVE-2022-1985
CVE-2022-1985 affects WordPress Download Manager plugin up to version 3.2.42. The vulnerability is a reflected Cross-Site Scripting due to insufficient sanitization/escaping of the frameid parameter in the shortcode-iframe.php file. Impact described as XSS; no exploit details provided in the init...
WordPress Download Manager 3.2.42 Cross Site Scripting Vulnerability
Description: Reflected Cross-Site Scripting Affected Plugin: Download Manager Plugin Slug: download-manager Plugin Developer: codename065 Affected Versions: = 3.2.42 CVE ID: CVE-2022-1985 CVSS Score: 6.1 Medium CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Researcher/s: Rafie Muhammad...
Cross-Site Scripting Vulnerability In Download Manager Plugin
On May 30, 2022, Security Researcher Rafie Muhammad reported a reflected Cross-Site Scripting XSS vulnerability to us that they discovered in Download Manager, a WordPress plugin installed on over 100,000 sites. On request, we assigned a vulnerability identifier of CVE-2022-1985. All Wordfence...
Nigerian Tesla: 419 scammer gone malware distributor unmasked
Agent Tesla is a well-known data stealer written in .NET that has been active since 2014 and is perhaps one of the most popular payloads observed in malspam campaigns. While looking for threats targeting Ukraine, we identified a group we call "Nigerian Tesla" that has been dabbling into phishing...
CVE-2021-1985
CVE-2021-1985 affects Qualcomm Snapdragon devices via the QVR Service configuration. Root cause: lack of proper data length checks leads to a buffer over-read. Impact described as local access with high confidentiality and availability impact; no public exploit details are provided in the supplie...
CVE-2021-1985
Possible buffer over read due to lack of data length check in QVR Service configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2021-1985)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2013:1103-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2013:1103-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2014:0881-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-21840
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bitsearchsentinel ../../src/bits.c:1985...
CVE-2018-1985
creationtimestamp| type| source ---|---|--- 2020-08-24 20:55:20+00:00| seen| https://t.me/cibsecurity/14286...
CVE-2018-1985
CVE-2018-1985 affects IBM Security Trusteer Rapport for macOS. An unused legacy driver in the Apex/Rapport package could be exploited locally by an administrator to trigger a buffer overflow and kernel panic; IBM notes the driver has been removed in newer builds. Affected versions: Rapport for ma...
CVE-2020-1985
Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions Secdo for Windows...
CVE-2020-1985 Secdo: Incorrect Default Permissions
Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions Secdo for Windows...
CVE-2020-1985
CVE-2020-1985 refers to Secdo for Windows with an incorrect default permission on the folder C:\Programdata\Secdo\Logs. Local authenticated users could overwrite system files and escalate privileges due to overly permissive permissions. The connected Palo Alto advisory offers a workaround: modify...