
413 matches found

UbuntuCve
added 2023/06/02 5:15 p.m. | 36 views

CVE-2023-25749

Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. This bug only affects Firefox for Android. Other version...

CVSS 4.3 | AI score 6.8 | EPSS 0.00384
Exploits: 0 | References: 2
RedHat Linux
added 2023/05/09 10:4 a.m. | 0 views

kernel: netfilter: conntrack: fix using __this_cpu_add in preemptible

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: fix using __this_cpu_add in preemptible. Currently in nf_conntrack_hash_check_insert, when it fails in nf_ct_ext_valid_pre/post, NF_CT_STAT_INC will be called in the preemptible context, a call trace can be triggered: BUG:...

CVSS 5.5 | AI score 6.2 | EPSS 0.00203
Exploits: 0 | References: 5
OSV
added 2023/03/26 9:15 p.m. | 3 views

CVE-2023-26800

Ruijie Networks RG-EW1200 Wireless Routers EW3.01B11P204 was discovered to contain a command injection vulnerability via the params.path parameter in the upgradeConfirm function...

CVSS 9.8 | AI score 7.3 | EPSS 0.0104
Exploits: 1 | References: 1
CNNVD
added 2023/03/26 12:0 a.m. | 3 views

Ruijie Networks RG-EG Series Routers command injection vulnerability

Ruijie Networks RG-EG Series Routers is a gateway product from Ruijie Networks China. A security vulnerability exists in Ruijie Networks RG-EW1200 Wireless Routers version EW3.01B11P204, which was discovered to contain a command injection vulnerability via the params.path parameter of the...

CVSS 9.8 | AI score 8.4 | EPSS 0.0104
Exploits: 1 | References: 2
HackRead
added 2023/03/10 6:32 p.m. | 12 views

Cybersecurity Firm Acronis Data Breach: Hackers Leak 21GB of Data

By Waqas. Acronis has confirmed the data breach, stating that the leak does not contain login credentials. This is a post from HackRead.com. Read the original post: Cybersecurity Firm Acronis Data Breach: Hackers Leak 21GB of Data...

AI score 2.9
Exploits: 0
Patchstack
added 2023/03/03 12:0 a.m. | 11 views

WordPress Confirm Data Plugin <= 1.0.7 is vulnerable to Server Side Request Forgery (SSRF)

Software: Confirm Data. Type: Plugin. Vulnerable versions: <= 1.0.7. Fixed in: N/A. OWASP Top 10: A1: Injection. Classification: Server Side Request Forgery (SSRF). CVE: CVE-2022-40700. Patch priority: Low. CVSS severity: Low 8.2. PSID: 486c54ed7457. Credits: Dave Jong (Patchstack). Required...

CVSS 9.8 | AI score 9.5 | EPSS 0.00999
Exploits: 0 | References: 1 | Affected Software: 1
F5 Networks
added 2023/02/21 8:2 p.m. | 24 views

K23024812: BIG-IP APM vulnerability CVE-2018-5544

Security Advisory Description: When the BIG-IP APM system renders certain pages with a logon agent or a confirm box, the system may disclose configuration information such as partition and agent names via URI parameters (CVE-2018-5544). Impact: This vulnerability allows unauthorized disclosure of...

CVSS 7.5 | AI score 7.4 | EPSS 0.02465
Exploits: 0 | Affected Software: 1
SUSE CVE
added 2023/02/15 5:54 a.m. | 4 views

SUSE CVE-2011-0707

Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message...

CVSS 4.3 | AI score 5.9 | EPSS 0.04248
Exploits: 0 | References: 5
SUSE CVE
added 2023/02/15 5:19 a.m. | 2 views

SUSE CVE-2015-3179

login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account...

CVSS 3.5 | AI score 7.2 | EPSS 0.01535
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 5:18 a.m. | 2 views

SUSE CVE-2015-4143

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload...

CVSS 5 | AI score 6.7 | EPSS 0.03429
Exploits: 0 | References: 8
SUSE CVE
added 2023/02/15 5:11 a.m. | 3 views

SUSE CVE-2015-8763

The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read...

CVSS 8.1 | AI score 7.3 | EPSS 0.01235
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 4:30 a.m. | 2 views

SUSE CVE-2018-6188

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed method, as demonstrated by discovering whether a user account is inactive...

CVSS 7.5 | AI score 7.6 | EPSS 0.04897
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 3:28 a.m. | 1 views

SUSE CVE-2022-23481

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain an Out of Bound Read in the xrdp_caps_process_confirm_active function. There are no known workarounds for this issue. Users are advised to upgrade...

CVSS 5.3 | AI score 6.7 | EPSS 0.00729
Exploits: 0 | References: 8
OSV
added 2023/02/08 12:15 a.m. | 2 views

CVE-2022-45191

An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values...

CVSS 6.5 | AI score 5.8 | EPSS 0.00201
Exploits: 0 | References: 1
NVD
added 2023/02/08 12:15 a.m. | 13 views

CVE-2022-45191

An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values...

CVSS 6.5 | AI score 6.4 | EPSS 0.00201
Exploits: 0 | References: 1
Hacker One
added 2022/12/26 8:8 p.m. | 94 views

Sorare: Mystery with a leaked token and Reusability of email confirmation link leading to Account Takeover

A vulnerability was discovered where leaked email confirmation links could be reused to gain access to a user's account without requiring a password. This was possible by modifying the token parameter in the URL of the expired confirmation link. An attacker who gains access to such a leaked link...

AI score 7.2
Exploits: 0
OSV
added 2022/12/09 6:15 p.m. | 0 views

UBUNTU-CVE-2022-23481

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain an Out of Bound Read in the xrdp_caps_process_confirm_active function. There are no known workarounds for this issue. Users are advised to upgrade...

CVSS 9.1 | AI score 7 | EPSS 0.00729
Exploits: 0 | References: 4
CNNVD
added 2022/12/09 12:0 a.m. | 3 views

xrdp buffer error vulnerability

xrdp is an open source remote desktop protocol server from Neutrinolabs Labs. A buffer error vulnerability exists in xrdp versions prior to v0.9.21, which stems from including an out-of-bounds read in the xrdp_caps_process_confirm_active function...

CVSS 9.1 | AI score 7.7 | EPSS 0.00729
Exploits: 0 | References: 7
UbuntuCve
added 2022/12/08 10:15 p.m. | 22 views

CVE-2022-23494

tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...

CVSS 6.1 | AI score 6.6 | EPSS 0.00905
Exploits: 0 | References: 7
CVE
added 2022/12/08 9:29 p.m. | 112 views

CVE-2022-23494

Summary (CVE-2022-23494): TinyMCE (open source rich text editor) suffers a cross-site scripting (XSS) vulnerability in alert/confirm dialogs when provided with malicious HTML, potentially allowing arbitrary JavaScript execution in the current user’s browser. Affected versions clock to TinyMCE 5.x...

CVSS 6.1 | AI score 5.7 | EPSS 0.00905
Exploits: 0 | References: 6 | Affected Software: 1