57 matches found
SUSE CVE-2019-10732
In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the...
CVE-2022-42533
creationtimestamp| type| source ---|---|--- 2022-11-18 02:23:24+00:00| seen| https://t.me/cibsecurity/53138...
Plone 代码问题漏洞
Plone is an open source content management system. A XXE XML External Entity Injection vulnerability exists in Plone versions prior to 5.2.3. An attacker can exploit this vulnerability to conduct XXE attacks...
TYPO3 Direct Mail Component Input Validation Error Vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Association in Switzerland. direct Mail is an email marketing extension plugin used in it. A security vulnerability exists in the Direct Mail component of TYPO3 5.2.3 and earlier versions, which stems from...
TYPO3 Direct Mail Component Denial of Service Vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Association in Switzerland. direct Mail is an email marketing extension plugin used in it. A security vulnerability exists in the Direct Mail component of TYPO3 5.2.3 and earlier versions. An attacker could...
Pivotal Software Spring Framework Cross-Site Request Forgery Vulnerability
Pivotal Software Spring Framework is the U.S. Pivotal Software's set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications . A cross-site request forgery vulnerability exists in Pivotal Software Spring Framework versions 5.2.x prior to...
DEBIAN-CVE-2019-16221
WordPress before 5.2.3 allows reflected XSS in the dashboard...
PT-2019-5212 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.2.3 Description: The issue is related to incorrect URL sanitization in the wp kses bad protocol once function, which can lead to cross-site scripting XSS attacks. This could allow a remote attacker to compromise...
Linux kernel resource management error vulnerability (CNVD-2019-32365)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A resource management error vulnerability exists in the drivers/media/usb/dvb-usb/dvb-usb-init.c file in versions of Linux kernel prior to 5.2.3. The vulnerability...
Linux kernel integer overflow vulnerability (CNVD-2019-25055)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. An integer overflow vulnerability exists in the 'setupformatparams' function in the drivers/block/floppy.c file in Linux kernel versions prior to 5.2.3. The...
PT-2019-4191 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.2.3 Description: The issue is caused by an out-of-bounds access in the ath6kl wmi pstream timeout event rx and ath6kl wmi cac event rx functions in the file drivers/net/wireless/ath/ath6kl/wmi.c. This can allo...
grafana: authentication bypass knowing only a username of an LDAP or OAuth user
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user...
PT-2018-3433 · Grafana +1 · Grafana +1
Name of the Vulnerable Software and Affected Versions: Grafana versions 2.x through 4.x before 4.6.4 Grafana versions 5.x before 5.2.3 Description: The issue is related to authentication errors in the Grafana web tool, allowing an attacker to bypass authentication. This can be achieved by...
Fortinet FortiOS Access Privilege Vulnerability
Fortinet FortiOS is a set of security operating system developed by the U.S. Fiat Fortinet company dedicated to FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering and anti-spam and other security features. An access...
Fortinet FortiGate FortiOS Security Bypass Vulnerability
Fortinet FortiGate running FortiOS is a set of security operating system developed by American Fitta Fortinet company dedicated to FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering and anti-spam and other security feature...
PT-2014-3466 · Red Hat · Red Hat Cloudforms Management Engine
Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms Management Engine CFME versions prior to 5.2.3.2 Description: The issue allows remote authenticated users to delete arbitrary catalogs by guessing the catalog ID, specifically targeting the CatalogController. Recommendation...
php crash in glob() and fnmatch() functions
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service application crash via 1 a long string in the pattern parameter to the glob function; or 2 a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined...