381 matches found

CNNVD
added 2022/01/24 12:0 a.m. · 3 views

WordPress plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the Backup and Staging by WP Time...

CVSS 6.1 · AI score 5.7 · EPSS 0.00887
Exploits 2 · References 3
RedHat Linux
added 2022/01/19 2:43 p.m. · 108 views

Moderate: Red Hat Security Advisory: Satellite 6.10.2 Async Bug Fix Update

Updated Satellite 6.10 packages that fix several bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other clie...

CVSS 6.2 · AI score 6.7 · EPSS 0.01777
Exploits 1 · References 9
OSV
added 2022/01/07 12:1 a.m. · 0 views

GHSA-8RH6-H94M-VJ54 Incorrect Comparison in cvxopt

Incomplete string comparison vulnerability exists in cvxopt.org cvxopt <= 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects...

CVSS 8.7 · AI score 5.9 · EPSS 0.01184
Exploits 1 · References 7
GitHub Security Blog
added 2022/01/07 12:1 a.m. · 31 views

Incorrect Comparison in cvxopt

Incomplete string comparison vulnerability exists in cvxopt.org cvxopt <= 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects...

CVSS 7.5 · AI score 5.5 · EPSS 0.01184
Exploits 1 · References 6 · Affected Software 1
Patchstack
added 2021/12/21 12:0 a.m. · 28 views

WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.6 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Jeremie Amsellem in WordPress Backup and Staging by WP Time Capsule plugin (versions <= 1.22.6). Solution: Update the WordPress Backup and Staging by WP Time Capsule plugin to the latest available version (at least 1.22.7)...

CVSS 6.1 · AI score 2.4 · EPSS 0.00887
Exploits 2 · References 3 · Affected Software 1
WPVulnDB
added 2021/12/21 12:0 a.m. · 24 views

Backup and Staging by WP Time Capsule < 1.22.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. PoC: Once the "Server Requirements" are passed in the initial setup process you can bypass the check for localhosts by editing the islocalhost functio...

CVSS 6.1 · AI score 6.2 · EPSS 0.00887
Exploits 2 · References 1 · Affected Software 1
OSV
added 2021/12/17 9:15 p.m. · 1 views

DEBIAN-CVE-2021-41500

Incomplete string comparison vulnerability exists in cvxopt.org cvxopt <= 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects...

CVSS 7.5 · AI score 7.3 · EPSS 0.01184
Exploits 1 · References 1
Prion
added 2021/12/17 9:15 p.m. · 16 views

Design/Logic Flaw

Incomplete string comparison vulnerability exists in cvxopt.org cvxopt <= 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects...

CVSS 5 · AI score 7.4 · EPSS 0.01184
Exploits 1 · References 2 · Affected Software 2
UbuntuCve
added 2021/12/17 9:15 p.m. · 20 views

CVE-2021-41500

Incomplete string comparison vulnerability exists in cvxopt.org cvxopt <= 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects...

CVSS 7.5 · AI score 7.1 · EPSS 0.01184
Exploits 1 · References 2
PyPA
added 2021/12/17 9:15 p.m. · 6 views

PYSEC-2021-870

Incomplete string comparison vulnerability exists in cvxopt.org cvxopt <= 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects...

CVSS 7.5 · AI score 6.9 · EPSS 0.01184
Exploits 1 · References 3 · Affected Software 1
OSV
added 2021/12/17 9:15 p.m. · 1 views

UBUNTU-CVE-2021-41500

Incomplete string comparison vulnerability exists in cvxopt.org cvxopt <= 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects...

CVSS 7.5 · AI score 5.8 · EPSS 0.01184
Exploits 1 · References 3
OSV
added 2021/12/17 9:15 p.m. · 2 views

PYSEC-2021-870

Incomplete string comparison vulnerability exists in cvxopt.org cvxopt <= 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects...

CVSS 7.5 · AI score 5.9 · EPSS 0.01184
Exploits 1 · References 3
Cvelist
added 2021/12/17 8:44 p.m. · 18 views

CVE-2021-41500

Incomplete string comparison vulnerability exists in cvxopt.org cvxopt <= 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects...

AI score 7.6 · EPSS 0.01184
Exploits 1 · References 2
Debian CVE
added 2021/12/17 8:44 p.m. · 13 views

CVE-2021-41500

Incomplete string comparison vulnerability exists in cvxopt.org cvxopt <= 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects...

CVSS 7.5 · AI score 7.3 · EPSS 0.01184
Exploits 1
CNNVD
added 2021/12/17 12:0 a.m. · 3 views

Cvxopt security vulnerability

Cvxopt is a freeware package for convex optimization based on the Python programming language. A security vulnerability exists in cvxopt 1.2.6 and earlier versions, which stems from incomplete string comparisons in the API. An attacker can use this vulnerability to conduct a denial of servi...

CVSS 7.5 · AI score 7.3 · EPSS 0.01184
Exploits 1 · References 4
Positive Technologies
added 2021/12/17 12:0 a.m. · 3 views

PT-2021-23314 · Cvxopt +2

Name of the Vulnerable Software and Affected Versions: cvxopt version 1.2.6 and earlier. Description: The issue is related to an incomplete string comparison vulnerability in certain APIs, specifically cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, and cvxopt.cholmod.spsolve...

CVSS 8.7 · AI score 6.5 · EPSS 0.01184
Exploits 1 · References 22
OSV
added 2021/11/23 8:15 p.m. · 1 views

CVE-2021-24877

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameters before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed...

CVSS 7.2 · AI score 5.8 · EPSS 0.01238
Exploits 2 · References 1
NVD
added 2021/11/23 8:15 p.m. · 11 views

CVE-2021-24877

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameters before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed...

CVSS 7.2 · EPSS 0.01238
Exploits 2 · References 1
Prion
added 2021/11/23 8:15 p.m. · 13 views

SQL injection

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameters before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed...

CVSS 6 · AI score 7.1 · EPSS 0.01238
Exploits 2 · References 1 · Affected Software 1
Cvelist
added 2021/11/23 7:16 p.m. · 20 views

CVE-2021-24877 MainWP Child < 4.1.8 - Admin+ SQL Injection

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameters before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed...

AI score 7.4 · EPSS 0.01238
Exploits 2 · References 1