77 matches found
AZL-50516 CVE-2024-21166 affecting package mysql for versions less than 8.0.40-1
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
PT-2024-18761 · Samsung · Samsung Data Store
Name of the Vulnerable Software and Affected Versions: Samsung Data Store versions prior to 5.3.00.4 Description: The issue is related to improper access control in Samsung Data Store, allowing local attackers to launch arbitrary activities with the privilege of Samsung Data Store. Recommendation...
CVE-2023-0582
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2...
Mattermost Security Vulnerabilities
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 8.1.x through prior to 8.1.9, 9.2.x through prior to 9.2.5, and 9.3.0, which stems from an inability to clean up metadata on posts containing...
Asp.Net Zero Security Vulnerability
Asp.Net Zero is an open source web development framework. A security vulnerability exists in Asp.Net Zero versions prior to 12.3.0, which stems from messages being transmitted over websocket, and can be exploited by an attacker to inject HTML into a user's message, redirecting the intended victim...
CVE-2023-48697 Azure RTOS USBX Remote Code Execution Vulnerability
Azure RTOS USBX is a USB host, device, and on-the-go OTG embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in...
Azure RTOS NetX Duo Security Vulnerability
Azure RTOS NetX Duo is an advanced, industry-grade TCP/IP networking stack open-sourced by Azure RTOS. A security vulnerability exists in Azure RTOS NetX Duo versions prior to 6.3.0 that stems from the presence of a memory overflow vulnerability, which could be exploited by an attacker to cause...
CVE-2023-46820
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Iulia Cazan Image Regenerate & Select Crop.This issue affects Image Regenerate & Select Crop: from n/a through 7.3.0...
CVE-2020-36755
The Customizr theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on the czrfnpostfieldssave function. This makes it possible for unauthenticated attackers to post fields via a forged request...
WordPress plugin Tutor LMS cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists...
Adobe Substance 3D Painter 缓冲区错误漏洞
Adobe Substance 3D Painter is a 3D texturing application from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Substance 3D Painter 8.3.0 and earlier versions, which can be exploited by an attacker to execute code in the current user's context...
WordPress plugin Metform Elementor Contact Form Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2023-15436 · Unknown · Quantumcloud Ai Chatbot Plugin
Name of the Vulnerable Software and Affected Versions: QuantumCloud AI ChatBot plugin versions prior to 4.3.0 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For versions prior to 4.3.0,...
CVE-2023-23296
Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault...
CVE-2023-26214
The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting XSS vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system...
libtiff: heap buffer overflow in extractImageSection
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other...
Veritas NetBackup 安全漏洞
Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports ransomware detection and backup protection of environmental data such as metadata and virtual environments. A security vulnerabilit...
EIPStackGroup OpENer 缓冲区错误漏洞
EIPStackGroup OpENer is a software from the EIPStackGroup organization for providing EtherNet/IP stacking functionality to IO adapter devices . A buffer error vulnerability exists in EIPStackGroup OpENer version v2.3.0, which stems from the discovery of a stack overflow contained via...
Pure Storage FlashBlade 和 FlashArray 安全漏洞
Pure Storage FlashArray and Pure Storage FlashBlade are both products of Pure Storage, Inc. the Pure Storage FlashArray is an all QLC flash storage array. the Pure Storage FlashBlade is a consolidated storage platform for file and object Pure Storage FlashBlade is a consolidated storage platform...
XXL-JOB 跨站脚本漏洞
XXL-JOB is a java-based distributed task scheduling platform from the XXL XXL-JOB community. xxl-job version 2.3.0 is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute JavaScript programs...