67 matches found
CLSA-2026-1777541282 glib2: Fix of 2 CVEs
- CVE-2023-29499: fix GVariant offset table entry size which is not checked in isnormal.
- CVE-2023-32636: remediate GVariant deserialisation timeout regression introduced by the CVE-2023-29499 fix.
- Backported upstream MR 3126 22 commits from centos8.5els...
CVE-2024-3126
A command injection vulnerability exists in the 'run_xtts_api_server' function of the parisneo/lollms-webui application, specifically within the 'lollms_xtts.py' script. The vulnerability arises due to the improper neutralization of special elements used in an OS command. The affected function utiliz...
CVE-2024-3126 Command Injection in parisneo/lollms-webui
A command injection vulnerability exists in the 'run_xtts_api_server' function of the parisneo/lollms-webui application, specifically within the 'lollms_xtts.py' script. The vulnerability arises due to the improper neutralization of special elements used in an OS command. The affected function utiliz...
CVE-2024-3126
CVE-2024-3126 concerns the parisneo/lollms-webui project, specifically the bug in the Python file lollms_xtts.py and the function run_xtts_api_server. The issue stems from constructing an OS command with a Python f-string and passing xtts_base_url to subprocess.Popen without adequate input saniti...
CVE-2023-3126
The CVE-2023-3126 entry concerns the WordPress plugin B2BKing. A missing capability check in the function b2bkingdownloadpricelist (affected versions: up to and including 4.6.00) allows authenticated users with subscriber/customer-level permissions to retrieve the site’s full product pricing lis...
WordPress B2BKing Plugin <= 4.6.00 is vulnerable to Broken Access Control
Software: B2BKing; Type: Plugin; Vulnerable versions: <= 4.6.00; Fixed in: 4.6.20; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-3126; Patch priority: Medium; CVSS severity: Medium (4.3); PSID: e0410908e411; Credits: Jerome Bruandet; Required...
SUSE CVE-2007-3126
Gimp before 2.8.22 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, a similar issue to CVE-2007-2237...
CVE-2022-3126
creationtimestamp | type | source
---|---|---
2022-10-17 16:13:00+00:00 | seen | https://t.me/cibsecurity/51559...
CVE-2022-3126
CVE-2022-3126 concerns the WordPress plugin Frontend File Manager (prior to version 21.4). The issue is a missing CSRF check during file uploads, enabling an attacker to cause a logged-in user to upload files on the attacker’s behalf. Documented impact is limited to file upload behavior with no b...
Debian: Security Advisory (DLA-3126-1)
The remote host is missing an update for the Debian...
SUSE: Security Advisory (SUSE-SU-2020:3126-1)
The remote host is missing an update for the...
SUSE SLES12 Security Update : ovmf (SUSE-SU-2020:3126-1)
This update for ovmf fixes the following issues : CVE-2019-14562: Fixed an overflow in DxeImageVerificationHandler bsc1175476. CVE-2019-14559: Fixed a memory leak in ArpOnFrameRcvdDpc bsc1163927. Note that Tenable Network Security has extracted the preceding description block directly from the SU...
CVE-2020-3126
Cisco Webex Meetings Multimedia Viewer vulnerability (CVE-2020-3126) allows an authenticated, remote attacker with the host role to bypass security warnings when viewing shared multimedia. The root cause is missing warning dialog boxes that should appear before a file is displayed; a former room ...
CVE-2018-3126
CVE-2018-3126 affects Oracle Retail Xstore Point of Service (Xenvironment) within Oracle Retail Applications. Affected versions are 15.0.2, 16.0.4 and 17.0.2. The vulnerability is difficult to exploit but, if exploited by a high-privilege attacker with network access via HTTP, it can lead to take...
WordPress < 3.1.3 Multiple Vulnerabilities
According to its self-reported version number, the WordPress application running on the remote web server is prior to 3.1.3. It is, therefore, affected by multiple unspecified vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's...
Sublime Text Buffer Overflow Vulnerability
Sublime Text is a cross-platform, extensible text editor for code, markup, and more. A buffer overflow vulnerability exists in Sublime Text 3 Build 3126. The vulnerability can be exploited by an attacker to execute code with the help of specially crafted .mkv files...
Design/Logic Flaw
Sublime Text 3 Build 3126 allows user-assisted attackers to cause a denial of service or possibly have unspecified other impact via a crafted .mkv file. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands, as...