91 matches found
WordPress reCAPTCHA Jetpack Plugin <= 0.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software reCAPTCHA Jetpack Type Plugin Vulnerable versions = 0.2.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3940 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID cb69d1ca95bb Credits Bob Matyas Required...
CVE-2024-3940 reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF
The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
K15685: Linux kernel vulnerability CVE-2014-3940
Security Advisory Description The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service memory corruption or system crash by accessing certain memory locations, as demonstrated by triggering a race condition v...
CVE-2022-3940
creationtimestamp| type| source ---|---|--- 2022-11-13 05:39:15+00:00| seen| https://t.me/cibsecurity/52867...
CVE-2022-3940
A vulnerability, which was classified as problematic, was found in lanyulei ferry. This affects an unknown part of the file apis/process/task.go. The manipulation of the argument filename leads to path traversal. The associated identifier of this vulnerability is VDB-213447...
CVE-2022-3940 lanyulei ferry task.go path traversal
A vulnerability, which was classified as problematic, was found in lanyulei ferry. This affects an unknown part of the file apis/process/task.go. The manipulation of the argument filename leads to path traversal. The associated identifier of this vulnerability is VDB-213447...
CVE-2022-3940
CVE-2022-3940 affects lanyulei ferry; path traversal arises from manipulating the file_name argument in apis/process/task.go. Root cause is unknown portion exposure, with a high-severity CVSSv3.1 (3.1) base score 9.8 and critical impact on confidentiality, integrity, and availability. Multiple so...
SUSE: Security Advisory (SUSE-SU-2022:3940-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-3940-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-3940
CVE-2021-3940 is rejected/not used and does not represent an active vulnerability entry.
CVE-2021-3940
...
SUSE SLES15 Security Update : nodejs12 (SUSE-SU-2021:3940-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3940-1 advisory. - CVE-2021-22959: Fixed HTTP Request Smuggling due to spaced in headers bsc1191601. - CVE-2021-22960: Fixed HTTP Request Smuggling when parsing...
SUSE: Security Advisory (SUSE-SU-2021:3940-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 7 : openwsman (ELSA-2020-3940)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-3940 advisory. 2.6.3-7.git4391e5c - Fix CVE-2019-3833 Resolves: 1677691 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
CVE-2020-3940
CVE-2020-3940 affects VMware Workspace ONE SDK and dependent mobile applications. The root cause is improper handling of certificate verification failures when SSL Pinning is enabled, leading to a potential information disclosure. The CVSSv3.1 base score is 5.9 (confidentiality impact HIGH, no in...
Privilege Escalation
The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way Linux kernel's Transparent Huge Pages THP implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent...
Denial Of Service (DoS)
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance PI futexes. A local, unprivileged user could use this flaw to escalate their privileges on...
Information Disclosure
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance PI futexes. A local, unprivileged user could use this flaw to escalate their privileges on...
CVE-2019-3940
CVE-2019-3940 affects Advantech WebAccess 8.3.4. The vulnerability is a file upload issue via an unauthenticated RPC call, enabling a remote attacker to execute arbitrary code. No exploit details or remediation/version fix are provided in the supplied documents; impact is indicated as remote code...
Foxit PhantomPDF < 8.3.8 Multiple Vulnerabilities
According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 8.3.7. It is, therefore, affected by multiple arbitrary code execution and information disclosure vulnerabilities. C Tenable Network Security, Inc...