17 matches found
CVE-2022-28802
Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all users of a company's...
CVE-2023-29079
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in a customer-controlled product. Notes: none...
CVE-2023-29078
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in a customer-controlled product. Notes: none...
CVE-2021-30216
CVE-2021-30216 entry is rejected/not used; it does not represent an active vulnerability.
Code injection
DISPUTED: The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature or possibly have unspecified other impact because the uploader web service allows double extensions such as .html.jpg wit...
CVE-2019-12613
CVE-2019-12613 is rejected/not used and does not represent an active vulnerability entry.
CVE-2017-11135
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The logout mechanism does not check for authorization. Therefore, an attacker only needs to know the device ID. This causes a denial of service. This might be...
Authorization
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The logout mechanism does not check for authorization. Therefore, an attacker only needs to know the device ID. This causes a denial of service. This might be...
CVE-2017-11135
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The logout mechanism does not check for authorization. Therefore, an attacker only needs to know the device ID. This causes a denial of service. This might be...
CVE-2017-7727
The connected sources identify CVE-2017-7727 as a Server-Side Request Forgery affecting the iSmartAlarm Backend. The vulnerability arises from an API endpoint that does not validate injection, enabling an attacker to use the backend as a proxy to perform SSRF/open redirection. Affected software i...
CVE-2015-6553
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none...
CVE-2015-6553
CVE-2015-6553 entry is rejected/not used; this CVE ID is not an active vulnerability entry.
CVE-2015-4247
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none...
CVE-2015-4246
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none...
CVE-2015-4245
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none...
CVE-2015-4249
CVE-2015-4249 entry is rejected; not an active vulnerability entry and not used in security assessments.
CVE-2015-2168
CVE-2015-2168 is rejected; this candidate was withdrawn and does not represent an active security issue.