119 matches found
MiracleLinux 9 : gstreamer1-plugins-good-1.18.4-6.el9 (AXSA:2023-5649:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5649:01 advisory. gstreamer-plugins-good: Potential heap overwrite in gst_matroska_demux_add_wvpk_header CVE-2022-1920 gstreamer-plugins-good: Heap-based buffer overflow i...
CVE-2019-2122
In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.java, there was a difference in the handling of the default case between the WindowManager and the Settings. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is...
CVE-2025-2122
A vulnerability classified as problematic was found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected by this vulnerability is an unknown functionality of the component Connection Handler. The manipulation leads to denial of service. The attack can only be initiated within the local...
CVE-2025-2122
creationtimestamp| type| source
---|---|---
2025-03-09 13:37:44+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/6965
2025-03-09 17:05:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ljxjhxjutr2n
2025-03-09 17:57:00+00:00| seen|...
Linux Distros Unpatched Vulnerability : CVE-2022-2122
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or...
Linux Distros Unpatched Vulnerability : CVE-2012-2122
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x...
CVE-2024-2122
creationtimestamp| type| source
---|---|---
2024-09-10 23:00:43+00:00| published-proof-of-concept| https://t.me/codeb0ss/1475...
RHEL 8 : gstreamer-plugins-good (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gstreamer-plugins-good: Potential heap overwrite in mp4 demuxing using zlib decompression CVE-2022-2122 -...
CVE-2024-2122
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
CVE-2024-2122 FooGallery <= 2.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Custom URL
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
WordPress FooGallery Plugin <= 2.4.15 is vulnerable to Cross Site Scripting (XSS)
Software: FooGallery | Type: Plugin | Vulnerable versions: <= 2.4.15 | Fixed in: 2.4.16 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-2122 | Patch priority: Low | CVSS severity: Low (6.5) | PSID: e80585534884 | Credits: Robert Kruczek ProXy | Requir...
RHEL 8 : gstreamer-plugins-good (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - gstreamer-plugins-good: Heap corruption in matroska demuxing CVE-2021-3498 Note that Nessus has not tested for this...
CentOS 9 : gstreamer1-plugins-good-1.18.4-6.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the gstreamer1-plugins-good-1.18.4-6.el9 build changelog. - Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while...
CentOS 8 : libreswan (CESA-2023:2122)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2023:2122 advisory. - pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The...
SUSE SLES15 Security Update : gstreamer-plugins-good (SUSE-SU-2023:3688-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3688-1 advisory. - GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files...
CVE-2023-2122
creationtimestamp| type| source
---|---|---
2023-08-16 16:50:37+00:00| seen| https://t.me/cibsecurity/68648...
CVE-2023-2122
The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary...
CVE-2023-2122
The CVE-2023-2122 entry concerns the Image Optimizer by 10web WordPress plugin (versions up to 1.0.26). It is vulnerable to a reflected XSS via the iowd_tabs_active parameter, which is sanitized/escaped insufficiently before rendering in the plugin admin panel. Impact is that an attacker could lu...
CVE-2023-2122 Image Optimizer by 10web < 1.0.27 - Reflected Cross-Site Scripting
The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary...