41 matches found
CVE-2023-5600
CVE-2023-5600 affects GitLab EE/CE, specifically GitLab EE versions from 16.0 before 16.3.6, 16.4 before 16.4.2, and 16.5 before 16.5.1. The issue is an improper access control allowing arbitrary access to the titles of private specific references via the service-desk custom email template. No exploit detail...
CVE-2021-24008
CVE-2021-24008 is a vulnerability in multiple Fortinet products where reading a JavaScript file could disclose sensitive software-version information to an unauthenticated remote attacker. Affected are: FortiDDoS (versions up to 5.4.0 and lower branches such as 5.3.2, 5.2.0, 5.1.0, 5.0.0, 4.7.0, ...
CVE-2022-26388
A use of hard-coded password vulnerability may allow authentication abuse. This issue affects ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: Versions 2.3.1 and prior; ELI 250c/BUR 250c Resting Electrocardiograph: Versions 2.1.2 an...
CVE-2018-9373
CVE-2018-9373 is a vulnerability in the MediaTek WLAN TDLS path (TdlsexRxFrameHandle) of the MTK WLAN driver. The issue is an out-of-bounds write caused by a missing bounds check, enabling remote escalation of privilege with no additional privileges and no user interaction. Documents consistently...
CVE-2023-27539
There is a denial of service vulnerability in the header parsing component of Rack...
CVE-2023-47778
CVE-2023-47778 concerns LuckyWP Scripts Control for WordPress. The vulnerability is a Missing Authorization/Broken Access Control issue in LuckyWP Scripts Control versions
CVE-2023-44147
CVE-2023-44147 affects the WordPress Comment Blacklist Updater plugin up to version 1.1.0. The root cause is a missing/incorrect authorization in access control (Broken Access Control), exploitable by unauthenticated users to exploit misconfigurations. The CVSS 3.1 base score is 5.3 (Medium). Rem...
CVE-2023-41875
CVE-2023-41875 describes a Missing Authorization vulnerability in the WordPress plugin WP Directory Kit (versions
CVE-2018-9430
CVE-2018-9430 is an out-of-bounds write in btif_storage.cc (prop2cfg) that can lead to remote code execution without user interaction. Affected: Android Pixel/Nexus devices; root cause described as incorrect bounds check triggering a write beyond limits. Impact: high (RCE), network attack vector ...
CVE-2018-9381
CVE-2018-9381 affects the gatt_sr.c component, specifically the gatts_process_read_by_type_req path, where uninitialized data can cause information disclosure. The issue enables remote information disclosure without additional execution privileges and requires no user interaction. Publicly disclo...
CVE-2022-43937
CVE-2022-43937 corresponds to a log file information exposure in Brocade SANnav. Connected documents confirm that sensitive fields can be recorded in debug-enabled logs when debugging is on, affecting SANnav versions prior to 2.3.0 and 2.2.2a. The entries consolidate multiple advisories across Re...
CVE-2018-9472
The CVE-2018-9472 entry concerns a flaw in xmlMemStrdupLoc within xmlmemory.c, causing an out-of-bounds write due to an integer overflow. This could enable remote code execution in an unprivileged process with no extra privileges, and requires user interaction to exploit. Red Hat and CVE sources ...
CVE-2021-1132
CVE-2021-1132 affects Cisco Network Services Orchestrator (NSO) API and web-management interface. The issue arises from improper validation of user-supplied input, allowing an unauthenticated, remote attacker to send crafted HTTP requests containing directory traversal sequences to access sensiti...
CVE-2023-20154
CVE-2023-20154 affects Cisco Modeling Labs external authentication. An unauthenticated, remote attacker could log in to the web interface with administrative privileges by exploiting improper handling of messages from the external authentication server. The attack requires valid credentials store...
CVE-2023-7010
CVE-2023-7010 is a use-after-free vulnerability in WebRTC in Google Chrome, with impact described as potential heap corruption. The affected software is Google Chrome (WebRTC component); the concrete detail provided indicates exploitation could be remote via a crafted HTML page, and the vulnerabi...
CVE-2024-31316
CVE-2024-31316 affects the Android Framework, specifically the onResult path in AccountManagerService.java. The issue is a parcel mismatch that could allow an arbitrary background activity launch, resulting in local elevation of privilege without requiring additional execution privileges. No user...
CVE-2024-23695
CVE-2024-23695 involves the Android/Linux kernel’s CacheOpPMRExec in cache_km.c, with a reported out-of-bounds write caused by an integer overflow. This can lead to local elevation of privilege with no extra execution privileges or user interaction required. The available connected documents do n...
CVE-2023-50805
CVE-2023-50805 affects Samsung Mobile Processor, Wearable Processor, and Modems across Exynos 9820/9825/980/990/850/1080/2100/2200/1280/1380/1330/9110/W920/W930, and Exynos Modem 5123/5300. The vulnerability is an out-of-bounds write in the heap encountered in 2G (no authentication required). Mul...
CVE-2023-48273
CVE-2023-48273 affects the WordPress plugin Preloader for Website (version
CVE-2023-51682
CVE-2023-51682: Missing Authorization vulnerability in MC4WP (Mailchimp for WordPress) affecting MC4WP