
66 matches found

OSV
added 2026/06/06 9:32 a.m. | 5 views

ECHO-2170-6950-2502

Bulletin has no description...

CVSS 8.1 | AI score 5.2 | EPSS 0.00273
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/09 10:14 a.m. | 7 views

CVE-2019-2170

In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10; Android ID: A-118615735...

CVSS 6.5 | AI score 6.4 | EPSS 0.00583
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/21 10:12 p.m. | 9 views

CVE-2002-2170

Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request...

CVSS 7.5 | AI score 7.9 | EPSS 0.04735
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/21 7:38 p.m. | 10 views

CVE-2008-2170

Unspecified vulnerability in Century routers allows remote attackers to cause a denial of service dropped session via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372...

CVSS 7.8 | AI score 6.6 | EPSS 0.03849
Exploits: 0 | References: 1
SonicWall
added 2025/04/30 2:26 p.m. | 10 views

SonicWall SMA1000 SSRF Vulnerability

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location. IMPORTANT: SonicWall PSIRT...

CVSS 7.2 | AI score 7 | EPSS 0.00295
Exploits: 0
Tenable Nessus
added 2024/06/24 12:0 a.m. | 19 views

SUSE SLES15 Security Update : gnome-settings-daemon (SUSE-SU-2024:2170-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2170-1 advisory. - CVE-2024-38394: Fixed mismatches in interpreting USB authorization policy bsc1226423. Tenable has extracted the preceding description bloc...

CVSS 4.3 | AI score 7 | EPSS 0.00318
Exploits: 0 | References: 4
Tenable Nessus
added 2024/05/06 12:0 a.m. | 41 views

Oracle Linux 9 : xorg-x11-server-Xwayland (ELSA-2024-2170)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-2170 advisory. - Fix for CVE-2023-6377, CVE-2023-6478 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note tha...

CVSS 9.8 | AI score 6.6 | EPSS 0.02106
Exploits: 0 | References: 10
Tenable Nessus
added 2024/04/30 12:0 a.m. | 36 views

RHEL 9 : xorg-x11-server-Xwayland (RHSA-2024:2170)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2170 advisory. Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: Out-of-bounds write in...

CVSS 9.8 | AI score 7 | EPSS 0.02106
Exploits: 0 | References: 22
Vulnrichment
added 2024/03/26 4:31 a.m. | 12 views

CVE-2024-2170 VK All in One Expansion Unit <= 9.96.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the child page index widget in all versions up to, and including, 9.96.0.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'className.' This makes ...

CVSS 6.4 | AI score 7.4 | EPSS 0.0034
Exploits: 0 | References: 2
Cvelist
added 2024/03/26 4:31 a.m. | 19 views

CVE-2024-2170 VK All in One Expansion Unit <= 9.96.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the child page index widget in all versions up to, and including, 9.96.0.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'className.' This makes ...

CVSS 6.4 | AI score 5.8 | EPSS 0.0034
Exploits: 0 | References: 2
Patchstack
added 2024/03/26 12:0 a.m. | 8 views

WordPress VK All in One Expansion Unit Plugin <= 9.96.0.1 is vulnerable to Cross Site Scripting (XSS)

Software VK All in One Expansion Unit Type Plugin Vulnerable versions = 9.96.0.1 Fixed in 9.97.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2170 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 26bb3cd6172a Credits Ngô...

CVSS 6.4 | AI score 5.8 | EPSS 0.0034
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2023/04/19 12:0 a.m. | 11 views

WordPress TaxoPress Plugin < 3.6.5 is vulnerable to Cross Site Scripting (XSS)

Software TaxoPress Type Plugin Vulnerable versions 3.6.5 Fixed in 3.6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2170 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9dc71e1a8f8f Credits Ivan Kuzymchak Required privileg...

CVSS 5.5 | AI score 6 | EPSS 0.00486
Exploits: 0 | References: 3 | Affected Software: 1
OpenVAS
added 2023/03/08 12:0 a.m. | 24 views

Debian: Security Advisory (DLA-233-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 9.7 | EPSS 0.0837
Exploits: 2 | References: 2
SUSE CVE
added 2023/02/15 5:21 a.m. | 2 views

SUSE CVE-2015-2170

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service crash via a crafted file...

CVSS 5 | AI score 6.7 | EPSS 0.03215
Exploits: 0 | References: 9
IBM Security Bulletins
added 2022/09/25 7:56 p.m. | 126 views

Security Bulletin: Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.4

Abstract Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 8.0.0.4 Content VULNERABILITY DETAILS: CVE ID:CVE-2012-2170 PM56183 DESCRIPTION: WebSphere Application Server could allow a network attacker to obtain sensitive information, caused by...

CVSS 5.8 | AI score 7.4 | EPSS 0.0388
Exploits: 3 | Affected Software: 2
Circl
added 2022/08/01 4:16 p.m. | 5 views

CVE-2022-2170

creationtimestamp| type| source ---|---|--- 2022-08-01 16:16:53+00:00| seen| https://t.me/cibsecurity/47316...

CVSS 4.8 | AI score 4.9 | EPSS 0.01052
Exploits: 2 | References: 1
CVE
added 2022/08/01 12:49 p.m. | 66 views

CVE-2022-2170

CVE-2022-2170 affects the WordPress Microsoft Advertising Universal Event Tracking (UET) plugin prior to 1.0.4. The root cause is insufficient sanitisation/escaping of plugin settings, enabling stored XSS by high-privilege users (e.g., admins) and potentially leaking content to the front page. Re...

CVSS 4.8 | AI score 4.6 | EPSS 0.01052
Exploits: 2 | References: 1 | Affected Software: 1
Tenable Nessus
added 2022/02/09 12:0 a.m. | 52 views

Rocky Linux 8 : glib2 (RLSA-2021:2170)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:2170 advisory. - An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an...

CVSS 7.5 | AI score 7.5 | EPSS 0.02993
Exploits: 1 | References: 4
OpenVAS
added 2022/01/28 12:0 a.m. | 22 views

Mageia: Security Advisory (MGASA-2015-0190)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8 | AI score 8.1 | EPSS 0.0837
Exploits: 1 | References: 8
Rockylinux
added 2021/09/21 7:13 a.m. | 98 views

mysql:8.0 security, bug fix, and enhancement update

An update is available for mecab-ipadic, mecab, mysql. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list MySQL is a multi-user, multi-threaded SQL database server...

CVSS 8 | AI score 7.2 | EPSS 0.41478
Exploits: 3