1307 matches found

ATTACKERKB
added 2022/07/18 11:15 p.m. · 1 view

CVE-2022-34642

The component mcontrol.action in RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 contains the incorrect mask which can cause a Denial of Service (DoS)...

5.5 CVSS · 5.9 AI score · 0.00213 EPSS
Exploits: 1 · References: 2

Cvelist
added 2022/07/18 10:45 p.m. · 19 views

CVE-2022-34642

The component mcontrol.action in RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 contains the incorrect mask which can cause a Denial of Service (DoS)...

5.7 AI score · 0.00213 EPSS
Exploits: 1 · References: 1

CNVD
added 2022/06/01 12:0 a.m. · 13 views

WordPress Content Mask plugin has an unspecified vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. A security vulnerability exists in versions of WordPress Content Mask plugin prior to 1.8.4.1. The vulnerability...

4.3 CVSS · 2.3 AI score · 0.01052 EPSS
Exploits: 3 · References: 1

NVD
added 2022/05/30 9:15 a.m. · 25 views

CVE-2022-1203

The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, and does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as a subscriber, could modify arbitrary blog optio...

4.3 CVSS · 0.01052 EPSS
Exploits: 3 · References: 1

OSV
added 2022/05/30 9:15 a.m. · 4 views

CVE-2022-1203

The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, and does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as a subscriber, could modify arbitrary blog optio...

4.3 CVSS · 5.9 AI score
Exploits: 0 · References: 1

ATTACKERKB
added 2022/05/30 9:15 a.m. · 4 views

CVE-2022-1203

The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, and does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as a subscriber, could modify arbitrary blog optio...

4.3 CVSS · 5.6 AI score · 0.01052 EPSS
Exploits: 3 · References: 3

CNNVD
added 2022/05/30 12:0 a.m. · 6 views

WordPress plugin Content Mask security vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. A security vulnerability exists in versions of WordPress Content Mask plugin prior to 1.8.4.1. The vulnerability...

4.3 CVSS · 5.8 AI score · 0.01052 EPSS
Exploits: 3 · References: 3

Cvelist
added 2022/05/30 12:0 a.m. · 24 views

CVE-2022-1203 Content Mask < 1.8.4.1 - Subscriber+ Arbitrary Options Update

The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, and does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as a subscriber, could modify arbitrary blog optio...

4.9 AI score · 0.01052 EPSS
Exploits: 3 · References: 1

CVE
added 2022/05/30 12:0 a.m. · 87 views

CVE-2022-1203

The CVE-2022-1203 issue affects the Content Mask WordPress plugin, prior to version 1.8.4.1. The root cause is missing authorization and CSRF checks in various AJAX actions, plus failure to validate the updated option belongs to the plugin, enabling any authenticated user (e.g., subscriber) to mo...

4.3 CVSS · 4.5 AI score · 0.01052 EPSS
Exploits: 3 · References: 1 · Affected Software: 1

Github Security Blog
added 2022/05/24 10:0 p.m. · 22 views

Project Inheritance Plugin showed secret environment variables defined in Mask Passwords Plugin

Jenkins Project Inheritance Plugin 19.08.02 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin...

6.5 CVSS · 6.6 AI score · 0.01186 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Github Security Blog
added 2022/05/24 4:52 p.m. · 18 views

Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin

Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure...

6.5 CVSS · 1.4 AI score · 0.01296 EPSS
Exploits: 0 · References: 6 · Affected Software: 1

OSV
added 2022/05/24 4:52 p.m. · 24 views

GHSA-GP67-C7J2-2QG2 Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin

Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure...

6.5 CVSS · 6.4 AI score · 0.01296 EPSS
Exploits: 0 · References: 6

RedhatCVE
added 2022/05/20 10:59 p.m. · 34 views

CVE-2018-5685

In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value...

6.5 CVSS · 4.1 AI score · 0.01938 EPSS
Exploits: 1 · References: 1

OSV
added 2022/05/10 2:15 p.m. · 4 views

CVE-2022-28896

A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1FW130B06 allows attackers to escalate privileges to root via a crafted payload...

9.8 CVSS · 7.3 AI score · 0.03598 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2022/05/10 12:0 a.m. · 6 views

PT-2022-19298 · D Link · Dir-882

Name of the Vulnerable Software and Affected Versions: D-Link DIR882 version DIR882A1 FW130B06. Description: A command injection issue exists in the /setnetworksettings/SubnetMask component, allowing attackers to escalate privileges to root by sending a crafted payload. Recommendations: For versio...

10 CVSS · 9.5 AI score · 0.03598 EPSS
Exploits: 1 · References: 3

WPVulnDB
added 2022/05/03 12:0 a.m. · 21 views

Content Mask < 1.8.4.1 - Subscriber+ Arbitrary Options Update

The plugin does not have authorisation and CSRF checks in various AJAX actions, and does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as a subscriber, could modify arbitrary blog options. PoC: POST /wp-admin/admin-ajax.php...

4.3 CVSS · 1.4 AI score · 0.01052 EPSS
Exploits: 3 · Affected Software: 1

CNNVD
added 2022/05/03 12:0 a.m. · 5 views

GitLab information disclosure vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community edition of GitLab. An information disclosure vulnerability exists in GitLab Community Edition versions...

7.5 CVSS · 7.3 AI score · 0.00867 EPSS
Exploits: 0 · References: 5

wpexploit
added 2022/05/03 12:0 a.m. · 103 views

Content Mask < 1.8.4.1 - Subscriber+ Arbitrary Options Update

The plugin does not have authorisation and CSRF checks in various AJAX actions, and does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as a subscriber, could modify arbitrary blog options. POST /wp-admin/admin-ajax.php...

4.3 CVSS · 0.6 AI score · 0.01052 EPSS
Exploits: 3

Patchstack
added 2022/05/03 12:0 a.m. · 26 views

WordPress Content Mask plugin <= 1.8.4 - Arbitrary Options Update vulnerability

Arbitrary Options Update vulnerability discovered by ptsfence in WordPress Content Mask plugin versions <= 1.8.4. Solution: Update the WordPress Content Mask plugin to the latest available version (at least 1.8.4.1)...

4.3 CVSS · 3.2 AI score · 0.01052 EPSS
Exploits: 3 · References: 3 · Affected Software: 1

OSV
added 2022/04/24 10:36 p.m. · 6 views

GSD-2022-1002349 af_netlink: Fix shift out of bounds in group mask calculation

af_netlink: Fix shift out of bounds in group mask calculation. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.238 by commit...

7.2 AI score
Exploits: 0