18 matches found
CVE-2023-47838
CVE-2023-47838 affects the WordPress plugin Conditional Fields for Contact Form 7 (cf7-conditional-fields). Root cause: Missing Authorization / Broken Access Control due to incorrectly configured access control levels, allowing exploitation by low-privilege users. Affected versions:
CVE-2017-18307
CVE-2017-18307 is linked to Qualcomm chipsets (notably qcacld-3.0) and is described as an information-disclosure vulnerability that can occur during audio playback. The Red Hat and CVE listings corroborate an information leak, with Qualcomm’s product-security notes showing a local attack vector a...
CVE-2022-20853
CVE-2022-20853 concerns Cisco Expressway Series and Cisco TelePresence VCS. The issue is a CSRF vulnerability in the REST API/web-based management interface caused by insufficient CSRF protections, allowing an unauthenticated, remote attacker to persuade a logged-in user to follow a crafted link,...
CVE-2023-1973
CVE-2023-1973 is an Undertow vulnerability that allows a remote attacker to cause a Denial of Service by exploiting FormAuthenticationMechanism, leading to OutOfMemory on the server. The connected records (e.g., Red Hat RHSA-2025-9583) confirm this issue and indicate remediation via security upda...
CVE-2024-22232
CVE-2024-22232 describes a directory traversal in Salt’s file server triggered by a specially crafted URL. The underlying issue is input validation that allows traversal sequences, enabling a malicious user to read arbitrary files from a Salt master’s filesystem. Affected component: Salt master/f...
CVE-2024-1204
The CVE-2024-1204 issue affects the Meta Box WordPress Custom Fields Framework (versions prior to 5.9.4). It allows users with at least the Contributor role to access arbitrary custom fields assigned to other users’ posts, indicating a broken access control vulnerability. Remediation, per multipl...
CAN-2004-1076
CVE-2004-1076 affects the Atari800 emulator. The provided sources describe multiple buffer overflows in the RtConfigLoad function in rt-config.c, affecting versions before 1.3.4, allowing local users to execute arbitrary code via large values in the configuration file. Exploitation details are no...
CAN-2004-1183
CVE-2004-1183 is a documented integer overflow in the tiffdump utility of libtiff (affecting versions prior to the patch). Several advisories (Ubuntu USN-54-1, Red Hat RHSA-2005:035, Gentoo GLSA-200501-06, SUSE-SA:2005:001, Debian/others) describe that processing carefully crafted TIFF images can...
CAN-2005-2494
CVE-2005-2494 is addressed in multiple historical advisories, notably Red Hat RHSA-2006:0582 and CentOS/CESA-2006:0582 for kdebase. The issue is a lock-file handling flaw in kcheckpass that could allow privilege escalation if /var/lock is writable by a user allowed to run kcheckpass. A patch was ...
CAN-2005-2933
CVE-2005-2933 is referenced in multiple advisories (RHSA-2006:0276, RHSA-2006:0501, CESA-2005:850, CESA-2006:0276) and is associated with a buffer overflow in the UW-IMAP c-client library used by IMAP/imapd. A specially crafted mailbox name could allow authenticated attackers to execute arbitrary...
CVE-2021-0448
Technical details for CVE-2021-0448 are not publicly available in the provided documents. No affected products, root cause, or remediation are specified here. Monitor for updates from the linked sources (Ubuntu, Nessus, OSV, UB) to obtain concrete information.
CVE-2023-21386
CVE-2023-21386 is listed in Android 14 security release notes under the System category with Type “ID” and Moderate severity. The provided connected documents confirm the CVE entry exists, but do not provide the root cause, affected components beyond that category, or remediation details. No expl...
CVE-2018-1613
CVE-2018-1613 is a confirmed vulnerability in IBM Platform Symphony and IBM Spectrum Symphony involving a vertical authorization bypass in the Symping utility. A local attacker could obtain a privileged token and gain privileges or access highly sensitive data. Affected products/versions: IBM Pla...
CVE-2021-0836
In the Android 12 Library component, CVE-2021-0836 is listed with Type: ID and Severity: Moderate, referenced by Android bug ID A-170644642. The connected document does not provide exploit details, vectors, affected subcomponents, or remediation steps for this CVE.
CVE-2021-0825
CVE-2021-0825 appears in the Android 12 Security Release Notes under the Android TV section as a Moderate-severity Elevation of Privilege (EoP) issue. The vulnerability is listed with the Android bug reference A-174493596; the document does not provide specifics on affected builds, vulnerable com...
CVE-2021-0783
CVE-2021-0783 is listed in the Android 12 release notes under the System vulnerability set, categorized as Information Disclosure (Type: ID) with a Moderate severity. The notes do not provide root-cause details, affected package names, exploit vectors, or remediation/patch information for this CV...
CVE-2018-7168
OpenAFS has a vulnerability tracked as CVE-2018-7168. Mageia/MGASA-2021-0509 notes that in-the-wild AFS3 clients could improperly construct ACLs and store them via RXAFS_StoreACL (opcode 134), with a defensive measure implemented by introducing a new RXAFS_StoreACL opcode (164) to identify proper...
CVE-2021-28577
Adobe Animate is affected by multiple vulnerabilities including CVE-2021-28577, an out-of-bounds write that can lead to arbitrary code execution. According to APSB21-35, affected versions are Adobe Animate 20.x before 20.5.2 and 21.x before 21.0.6. The issue is addressed by a security update; use...