14 matches found
CVE-2026-43964
Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...
CVE-2026-22764
Dell OpenManage Network Integration, versions prior to 3.9, contains an Improper Authentication vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...
CVE-2021-22291 EIBPORT Reflected XSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ABB EIBPORT V3 KNX, ABB EIBPORT V3 KNX GSM. This issue affects EIBPORT V3 KNX: before 3.9.2; EIBPORT V3 KNX GSM: before 3.9.2...
CVE-2021-22291 EIBPORT Reflected XSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ABB EIBPORT V3 KNX, ABB EIBPORT V3 KNX GSM. This issue affects EIBPORT V3 KNX: before 3.9.2; EIBPORT V3 KNX GSM: before 3.9.2...
CVE-2023-23762
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code...
CVE-2021-26999
NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with...
PT-2025-1623 · WordPress · Eventer
Name of the Vulnerable Software and Affected Versions: Eventer plugin for WordPress versions prior to 3.9.10 Description: The issue allows unauthorized access to data due to a missing capability check on the eventer export bookings csv function. This enables authenticated attackers with...
AZL-60199 CVE-2024-6345 affecting package python3 for versions less than 3.9.19-12
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
CVE-2024-39150
vditor v.3.9.8 and before is vulnerable to Arbitrary file read via a crafted data packet...
CVE-2023-28803
An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9...
SUSE CVE-2021-3426
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to...
Unspecified vulnerability in rConfig (CNVD-2020-22276)
rConfig is an open source network configuration management utility. A security vulnerability exists in the includes/head.inc.php file in versions of rConfig prior to 3.9.4, which can be exploited to retrieve stored credentials in plaintext form by sending a GET request to the settings.php file...
DEBIAN-CVE-2016-7440
The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences...
PT-2013-3612 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.9 Description: The issue concerns the key_notify_policy_flush function in the Linux kernel, which fails to initialize a certain structure member. This allows local users to obtain sensitive information from...