225 matches found
CVE-2024-11992
CVE-2024-11992 concerns Quick.CMS v6.7. The vulnerability is an absolute path traversal in admin.php reachable via the aDirFiles%5B0%5D parameter, allowing remote attackers to bypass restrictions and download files outside the document root if permissions exist, and potentially delete server file...
Security Bulletin: IBM Master Data Management may provide weaker than expected security due to OpenSSL through a carry propogation flaw (CVE-2021-4160)
Summary IBM Master Data Management v11.6, and v12.0 are vulnerable to a carry propogation flaw found in OpenSSL. OpenSSL could provide weaker than expected security, caused by a carry propagation flaw in the MIPS32 and MIPS64 squaring procedure. An attacker could exploit this vulnerability to...
RHSA-2020:1454 Red Hat Security Advisory: Satellite 6.7 release.
Bulletin has no description...
WordPress plugin ARMember Premium security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
OPENSUSE-SU-2024:10630-1 arc-5.21q-6.7 on GA media
These are all security issues fixed in the arc-5.21q-6.7 package on the GA media of openSUSE Tumbleweed...
Minor update (7) for Vivaldi Desktop Browser 6.7
Download Vivaldi The following improvements were made since the sixth 6.7 minor update: Chromium Upgraded 124.0.6367.236 CVE-2024-5274: NB. Chromium updates may include security enhancements or fixes, crash fixes, or website compatibility updates. Main photo byRuarí Ødegaard...
CVE-2024-36048
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values...
Security advisory: QStringConverter
QStringConverter has an invalid pointer being passed as a callback which can allow modification of the stack and has been assigned the CVE id CVE-2024-33861. Qt itself is not vulnerable to remote attack however an application using QStringDecoder either directly or indirectly can be vulnerable...
DEBIAN-CVE-2024-25111
Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunke...
Intel® PM Software Advisory
Summary: A potential security vulnerability in some Intel® Performance Maximizer PM software may allow escalation of privilege. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® PM. Vulnerability Details: CVEID:...
WordPress Formidable Forms Plugin <= 6.7 is vulnerable to Content Injection
Software Formidable Forms Type Plugin Vulnerable versions = 6.7 Fixed in 6.7.1 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-23522 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID b82c61d4e6f0 Credits Revan Arifio Required privilege...
CVE-2024-0429
A denial service vulnerability has been found on Hex Workshop affecting version 6.7, an attacker could send a command line file arguments and control the Structured Exception Handler SEH records resulting in a service shutdown...
Denial of service
A denial service vulnerability has been found on Hex Workshop affecting version 6.7, an attacker could send a command line file arguments and control the Structured Exception Handler SEH records resulting in a service shutdown...
CVE-2024-0429 Buffer overflow vulnerability on Hex Workshop
A denial service vulnerability has been found on Hex Workshop affecting version 6.7, an attacker could send a command line file arguments and control the Structured Exception Handler SEH records resulting in a service shutdown...
WordPress Formidable Forms Plugin <= 6.7 is vulnerable to Cross Site Scripting (XSS)
Software Formidable Forms Type Plugin Vulnerable versions = 6.7 Fixed in 6.7.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6842 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9bd3f7b9f18e Credits drop Required privilege...
Intel® Server Information Retrieval Utility Software Advisory
Summary: A potential security vulnerability in some Intel® Server Information Retrieval Utility software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-27513 Description: Uncontrolled search...
CVE-2023-45498
VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain a command injection vulnerability...
Vinchin Backup and Recovery Security Vulnerabilities
Vinchin Backup and Recovery is an easy-to-use, safe and reliable virtual machine data protection software from China Yunqi Technology Vinchin. It is used for backup and recovery. A security vulnerability exists in Vinchin Backup and Recovery that stems from the presence of a command injection...
Cross site scripting
Cross-site scripting XSS vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component...
PT-2023-28795 · Opensolution · Opensolution Quick Cms
Name of the Vulnerable Software and Affected Versions: opensolution Quick CMS version 6.7 Description: A cross-site scripting XSS issue allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component. This enables the...