85 matches found
CVE-2026-27918 Windows Shell Elevation of Privilege Vulnerability
...
CVE-2025-27918
An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, and AnyDesk for Android before 8.0.0. It has an integer overflow and resultant heap-based buffer overflow via a UDP packet during processing o...
CVE-2025-27918
creationtimestamp | type | source
---|---|---
2025-11-06 17:28:49+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115503931619214286...
Linux Distros Unpatched Vulnerability : CVE-2020-27918
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud...
Azure Linux 3.0 Security Update: golang / python-tensorboard (CVE-2021-27918)
The version of golang / python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-27918 advisory. - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a...
RHEL 8 : Release of OpenShift Serverless Client kn 1.16.0 (Moderate) (RHSA-2021:2704)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2704 advisory. Red Hat OpenShift Serverless Client kn 1.16.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.16.0. The kn CLI is delivered a...
NewStart CGSL MAIN 6.02 : webkit2gtk3 Multiple Vulnerabilities (NS-SA-2024-0053)
The remote NewStart CGSL host, running version MAIN 6.02, has webkit2gtk3 packages installed that are affected by multiple vulnerabilities: - A use-after-free issue was found in the AudioSourceProviderGStreamer class of WebKitGTK and WPE WebKit in versions prior to 2.30.5. Processing maliciously...
CVE-2021-27918 affecting package python-tensorboard for versions less than 2.16.2-2
CVE-2021-27918 affecting package python-tensorboard for versions less than 2.16.2-2. An upgraded version of the package is available that resolves this issue...
RHEL 7 : cli (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader CVE-2021-27918 Note th...
RHEL 8 : Release of OpenShift Serverless Client kn 1.17.0 (Moderate) (RHSA-2021:3555)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3555 advisory. Red Hat OpenShift Serverless Client kn 1.17.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.17.0. The kn CLI is delivered a...
CVE-2024-27918 Coder's OIDC authentication allows email with partially matching domain to register
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODER_OIDC_EMAIL_DOMAIN verification and create an account with an email not in the...
CVE-2024-27918
Coder’s CVE-2024-27918 describes an OIDC authentication flaw where the CODER_OIDC_EMAIL_DOMAIN verification can be bypassed, allowing registration/login with emails not on the allowlist when using public OIDC providers. Affected are Coder instances with OIDC enabled and domain-based allowlists, w...
CVE-2024-27918 Coder's OIDC authentication allows email with partially matching domain to register
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODER_OIDC_EMAIL_DOMAIN verification and create an account with an email not in the...
Coder's OIDC authentication allows email with partially matching domain to register
Summary: A vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODER_OIDC_EMAIL_DOMAIN verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider such as publi...
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2021:3076)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3076 advisory. - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the midd...
Important: webkitgtk4
Issue Overview: A logic issue was addressed with improved state management. CVE-2020-22592 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2,...
Security Bulletin: Open Source Dependency Vulnerability
Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2022-30633 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Unmarshal in encoding/xml due to stack exhaustion. By parsing a...
CVE-2023-27918
Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in the WordPress where the product is installed visit a malicious URL...
CVE-2023-27918
The CVE-2023-27918 entry concerns a cross-site scripting (XSS) vulnerability in the WordPress plugin “Appointment and Event Booking Calendar for WordPress - Amelia.” Affected version range is Amelia prior to 1.0.76. The underlying issue is a failure to sanitize/escape user-controlled input, enabl...
CVE-2023-27918
Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in the WordPress where the product is installed visit a malicious URL...