1139 matches found
CVE-2023-48415
In Init of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Out-of-bounds
In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21263
In OSMMapPMRGeneric of pmros.c, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-42733
In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed...
CVE-2023-42705
In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...
ASB-A-281061287
In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for...
Chamilo LMS Security Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS v1.11.20 and earlier versions,...
CVE-2023-6303
A vulnerability was found in CSZCMS 1.3.0. It has been classified as problematic. This affects an unknown part of the file /admin/settings/ of the component Site Settings Page. The manipulation of the argument Additional Meta Tag with the input leads to cross site scripting. It is possible to...
PT-2023-32603 · Csz Cms · Csz Cms
Name of the Vulnerable Software and Affected Versions: CSZCMS version 1.3.0 Description: A problematic issue has been found, affecting the Site Settings Page component, specifically the /admin/settings/ part of the file. The manipulation of the Additional Meta Tag argument with the input leads to...
Flatsome < 3.17.6 - Unauthenticated PHP Object Injection
Description The Flatsome theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.17.5 via deserialization of untrusted input. This allows unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed o...
Clear Text Credentials Exposure
Nautobot Device Onboarding is vulnerable to Clear Text Credentials Exposure. The vulnerability is due to credentials being visible via the Job Results view under the Additional Data tab as arguments for Celery Task execution when creating an OnboardingTask. As a result the attacker is exposed to...
CVE-2023-46096
A vulnerability has been identified in SIMATIC PCS neo All versions V4.1. The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents...
CVE-2023-47690 WordPress Additional Order Filters for WooCommerce Plugin <= 1.10 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Anton Bond Additional Order Filters for WooCommerce plugin = 1.10 versions...
CVE-2023-47690
CVE-2023-47690 is a publicly disclosed unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Additional Order Filters for WooCommerce. Affected versions are
PT-2023-30570 · WordPress · Anton Bond Additional Order Filters For Woocommerce
Name of the Vulnerable Software and Affected Versions: Anton Bond Additional Order Filters for WooCommerce plugin versions = 1.10 Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website,...
WordPress Plugin Additional Order Filters for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2023-24647 · Pascal Casier · Bbpress Toolkit Plugin
Name of the Vulnerable Software and Affected Versions: Pascal Casier bbPress Toolkit plugin versions 1.0.12 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that t...
MAL-2023-8479 Malicious code in rb-seatlayout-canvas (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab7073e8386662ab584a412e7d011050e505dea8df14c0e5273606bf0a823ae1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2023-9207 · Frrouting +10 · Frrouting +10
Name of the Vulnerable Software and Affected Versions: FRRouting versions through 9.0.1 Description: The issue is related to the improper handling of a crafted BGP UPDATE message with a MP UNREACH NLRI attribute and additional NLRI data that lacks mandatory path attributes. This can cause a crash...
Input validation
Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to improper validation of...