CVE-2024-3178

Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting XSS in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator provided data. All...

CVE-2024-3179 Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page

Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The...

Out of Bounds Write Vulnerability in Huawei CloudEngine Product (huawei-sa-20210519-01-cloudengine)

There is an out of bounds write vulnerability in some Huawei products. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2018-2815

CVE-2018-2815 is a deserialization flaw in Oracle Java SE, Java SE Embedded, and JRockit (Serialization component) that can be exploited over network without authentication to cause a partial denial of service. Affected are Java SE 6u181, 7u171, 8u162, 10; Java SE Embedded 8u161; JRockit R28.3.17...