CVE-2024-49235 WordPress Contact Forms, Live Support, CRM, Video Messages plugin <= 1.10.2 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in videowhisper Contact Forms, Live Support, CRM, Video Messages live-support-tickets allows Retrieve Embedded Sensitive Data. This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a through <= 1.10.2...
Oracle Database Server security vulnerability
Oracle Database Server is a relational database management system from Oracle Corporation USA. This database management system provides data management, distributed processing, and other functions. A security vulnerability exists in the Java VM of Oracle Database Server. An attacker exploiting th...
Oracle PeopleSoft Products security vulnerability
Oracle PeopleSoft is a suite of enterprise human capital management solutions from Oracle Corporation USA. The product provides human capital management, financial management, vendor relationship management, and other capabilities. A security vulnerability exists in Oracle PeopleSoft's PeopleSoft...
Oracle MySQL security vulnerability
Oracle MySQL Cluster is a write-scalable, real-time, ACID-compatible transactional database developed by Oracle Corporation USA. A security vulnerability exists in Oracle MySQL Cluster, which can be exploited by an attacker to update, insert, or delete accessible data...
CVE-2024-47781 Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki
CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS...
SUSE CVE-2024-46847
In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: ensure vmap_block is initialised before adding to queue. Commit 8c61291fd850 "mm: fix incorrect vbq reference in purge_fragmented_block" extended the 'vmap_block' structure to contain a 'cpu' field which is set at...
CVE-2024-8609 Improper Access Control in Oceanic Software's ValeApp
Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information. This issue affects ValeApp: before v2.0.0...
CVE-2024-8609
ValeApp (Oceanic Software) prior to version 2.0.0 has a vulnerability that allows insertion of sensitive information into log files, which can enable a query system for information. Impact and exact exploit details are not fully provided in the sources, but PT-2024-39130 notes that versions befor...
CVE-2022-49037
Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information via unspecified vectors...
CVE-2022-49037
CVE-2022-49037 affects Synology Drive Client before 3.3.0-15082. The vulnerability is an insertion of sensitive information into a log file in the proxy settings component, enabling remote authenticated users to obtain sensitive information via unspecified vectors. Sources from NVD/Red Hat/CVE re...
CVE-2024-43990
CVE-2024-43990 (Masterstudy LMS Starter) describes an unauthenticated sensitive information exposure caused by insertion of data into log files. The vulnerability affects Masterstudy LMS Starter versions up to and including 1.1.8. Public sources in the Connected documents indicate this is a WordP...
kernel: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port()
In the Linux kernel, the following vulnerability has been resolved: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). syzkaller triggered the warning [0] in udp_v4_early_demux(). In udp_v[46]_early_demux() and sk_lookup(), we do not touch the refcount of the looked-up sk and use sock_pfree() as skb->destructor, so we...
Cross-site Scripting (XSS)
Mautic is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the ability of an attacker to edit a Mautic form, allowing them to insert malicious HTML that can steal sensitive information from the user's current session...
CVE-2024-8890 Insertion of Sensitive Information Into Sent Data vulnerability on CIRCUTOR Q-SMT
An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being establish...
Contao input validation error vulnerability
Contao is an open source Content Management System (CMS) developed in PHP by Contao Open Source. The system supports search engines, rights management and CSS frameworks. An input validation error vulnerability exists in Contao 4.13.0 and prior versions, which originates from an untrusted user bein...
CVE-2022-26322 Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager
A possible Insertion of Sensitive Information into Log File vulnerability has been discovered in the OpenText™ Identity Manager REST Driver. This impacts versions before 1.1.2.0200...
CVE-2024-43781
CVE-2024-43781 concerns SINUMERIK systems where, when Create MyConfig (CMC) is used, an Insertion of Sensitive Information into Log File vulnerability can allow a local authenticated user with low privileges to read sensitive data and bypass access restrictions. Affected products include SINUMERI...
UBUNTU-CVE-2023-52913
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential context UAFs. gem_context_register() makes the context visible to userspace, at which point a separate thread can trigger the I915_GEM_CONTEXT_DESTROY ioctl. So we need to ensure that nothing uses the ctx ptr aft...
Nextcloud: Nextcloud Tables app - inserting rows to an arbitrary table possible
The Nextcloud Tables app was found to have a vulnerability that allowed inserting rows to an arbitrary table. The vulnerability was disclosed in a security advisory...