EUVD-2020-30878

Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system...

MiracleLinux 3 : kernel-2.6.18-128.7AXS3 (AXSA:2009-168:07)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-168:07 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...

CVE-2025-32610

Cross-Site Request Forgery CSRF vulnerability in FolioVision Foliopress WYSIWYG foliopress-wysiwyg allows Cross Site Request Forgery.This issue affects Foliopress WYSIWYG: from n/a through = 2.6.18...

CVE-2025-32610

Cross-Site Request Forgery CSRF vulnerability in FolioVision Foliopress WYSIWYG foliopress-wysiwyg allows Cross Site Request Forgery.This issue affects Foliopress WYSIWYG: from n/a through = 2.6.18...

CVE-2025-32610 WordPress Foliopress WYSIWYG plugin <= 2.6.18 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in FolioVision Foliopress WYSIWYG foliopress-wysiwyg allows Cross Site Request Forgery.This issue affects Foliopress WYSIWYG: from n/a through = 2.6.18...

WordPress plugin Foliopress WYSIWYG 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

CVE-2024-39657

Cross-Site Request Forgery CSRF vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce.This issue affects Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce: from n/a through 2.6.18...

WordPress plugin Sender 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

CVE-2024-39302

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the /usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0 directory with the goal of privilege...

CVE-2024-39302 Some bbb-record-core files installed with wrong file permission

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the /usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0 directory with the goal of privilege...

CVE-2024-38518 bbb-web API additional parameters considered

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be "role=moderator", allowing an...

SUSE CVE-2010-2070

arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and possibly other kernel versions, when running on IA-64 architectures, allows local users to cause a denial of service and "turn on BE by modifying the user mask of the PSR," as demonstrated via exploitation of CVE-2006-0742...

GSD-2023-1001407 hwrng: amd - Fix PCI device refcount leak

hwrng: amd - Fix PCI device refcount leak This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...

GSD-2022-1002514 jffs2: fix use-after-free in jffs2_clear_xattr_subsystem

jffs2: fix use-after-free in jffs2clearxattrsubsystem This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.311 by commit...

PYSEC-2019-2

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be...

java-1.7.0-openjdk security update

1:1.7.0.221-2.6.18.0.0.1 - Update DISTRONAME in specfile 1:1.7.0.221-2.6.18.0 - Bump to 2.6.18 and OpenJDK 7u221-b02. - Resolves: rhbz1693468...

kernel security update

kernel - 2.6.18-419.0.0.0.2 - mm support large stack guard gap between vmas orabug 26366330...

kernel security update

kernel 2.6.18-419 - net dccp: Use AF-independent rebuildheader routine Hannes Frederic Sowa 1424751 - net dccp: fix freeing skb too early for IPV6RECVPKTINFO Hannes Frederic Sowa 1424633 CVE-2017-6074 - redhat kernel.spec.template: disable autoloading for dccp proto Hannes Frederic Sowa 1425177...

kernel security and bug fix update

kernel 2.6.18-417 - virt hv: do not lose pending heartbeat vmbus packets Vitaly Kuznetsov 1391167 - net Fix use after free in the recvmmsg exit path Davide Caratti 1390044 CVE-2016-7117...

kernel security and bug fix update

kernel 2.6.18-416 - mm Fix Privilege escalation via MAPPRIVATE Larry Woodman 1385112 CVE-2016-5195 2.6.18-415 - fs gfs2: Initialize atime of INEW inodes Andreas Grunbacher 1374861 - fs gfs2: Update file times after grabbing glock Andreas Grunbacher 1374861 - Revert: fs gfs2: Only refresh newer...