CVE-2018-9338

In ResStringPool::setTo of ResourceTypes.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

MINI-35JG-9338-87MM

Bulletin has no description...

CVE-2025-9338

creationtimestamp| type| source ---|---|--- 2025-11-06 08:23:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m4x56nfnm42q 2025-11-06 08:55:18+00:00| seen| https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m4x6wmiqzsc2...

MAL-2025-9338 Malicious code in @sourceressj2001/eos-ipsa-repellat (npm)

The package @sourceressj2001/eos-ipsa-repellat was found to contain malicious code...

CVE-2018-9338

creationtimestamp| type| source ---|---|--- 2025-04-12 21:02:15+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lmngl2s36z2t...

CVE-2018-9338

CVE-2018-9338 is an Android Framework vulnerability described in multiple sources as an out-of-bounds write in ResStringPool::setTo (ResourceTypes.cpp) caused by a missing bounds check. The issue can lead to local escalation of privilege with no user interaction required. Affected component is wi...

Rockwell Automation MicroLogix Incorrect Permission Assignment for Critical Resource (CVE-2016-9338)

An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD,...

CVE-2020-9338

SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field...

CVE-2020-9338

CVE-2020-9338 affects SoPlanning 1.45, where an XSS flaw exists in the "+Your SoPlanning url+" field. Multiple connected sources confirm a cross-site scripting vulnerability in SoPlanning 1.45, enabling script execution when the vulnerable URL field is manipulated. The Attackerkb entry notes this...

CVE-2019-9338

CVE-2019-9338 affects Android 10 via the Media Framework libavc, where uninitialized data allows information disclosure. Impact is remote information disclosure with user interaction needed; exploit details are not provided. No patch/version is specified in the connected documents; refer to Andro...

CVE-2015-9338

CVE-2015-9338 affects the WordPress wp-file-upload plugin prior to version 2.5.0. The vulnerability arises from insufficient restrictions on uploading PHP files, allowing potentially harmful PHP uploads through the plugin. Affected product is the wp-file-upload plugin for WordPress; root cause is...

CVE-2017-9338

CVE-2017-9338 is an XSS vulnerability in ownCloud Server caused by inadequate escaping in the search module. Vulnerable are ownCloud Server versions prior to 8.2.12, 9.0.x prior to 9.0.10, 9.1.x prior to 9.1.6, and 10.0.x prior to 10.0.2. To exploit, a user must input malicious content into the s...

XSS in search dialogue - ownCloud

Inadequate escaping lead to XSS vulnerability in the search module. To be exploitable an user has to write or paste malicious content into the search dialogue. Affected Software ownCloud Server 10.0.2 CVE-2017-9338 ownCloud Server 9.1.6 CVE-2017-9338 ownCloud Server 9.0.10 CVE-2017-9338 ownCloud...

XSS in search dialogue - ownCloud

Inadequate escaping lead to XSS vulnerability in the search module. To be exploitable an user has to write or paste malicious content into the search dialogue. Affected Software ownCloud Server 10.0.2 CVE-2017-9338 ownCloud Server 9.1.6 CVE-2017-9338 ownCloud Server 9.0.10 CVE-2017-9338 ownCloud...

CVE-2016-9338

CVE-2016-9338 affects Rockwell Automation Allen‑Bradley MicroLogix 1100 controllers (1763-L16AWA/BBA/BWA/DWD, Series A/B, prior to firmware 15.000 for 1100 Series B; and related 1400 variants) due to an Incorrect Permission Assignment for a Critical Resource . This design flaw allows administrato...

CVE-2014-9338

CVE-2014-9338 concerns the WordPress plugin O2Tweet (versions 0.0.4 and earlier). The connected documents describe multiple CSRF vulnerabilities that allow remote attackers to hijack an administrator’s authentication for requests that trigger cross-site scripting (XSS) via the parameters o2t_user...