20 matches found
CVE-2022-32203
CVE-2022-32203 describes a command-injection vulnerability in Huawei terminal printer products. The issue allows high-privilege code execution on the printer after exploitation over the network (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base 9.8). The root cause is described as insufficient...
CVE-2023-51360
CVE-2023-51360 affects the WordPress plugin Essential Blocks for Gutenberg (vulnerable:
CVE-2024-3171
CVE-2024-3171 affects Google Chrome (Chromium) before 122.0.6261.57. It is a use-after-free in Accessibility that can lead to heap corruption when a user is persuaded to perform specific UI gestures. The issue requires user interaction and is mitigated by updating to Chrome 122.0.6261.57 or later...
CVE-2024-34723
Summary: CVE-2024-34723 describes a logic error in Android’s ParcelableListBinder.java (onTransact) that could enable local elevation of privilege by stealing the mAllowlistToken to launch an app from the background, without extra privileges or user interaction. The vulnerability is tied to how P...
CVE-2024-25917
CVE-2024-25917 affects the WordPress WP Setup Wizard plugin prior to version 1.0.8.2, exposing an authentication/authorization bypass that allows an authenticated subscriber or higher to perform an unauthenticated-like action: full database download. Root cause identified as a missing capability ...
CAN-2004-0178
Technical details for CVE-2004-0178 are not publicly provided in the supplied documents; no affected products, root cause, impact, or fixes are disclosed here. Monitor for updates from connected advisories.
CAN-2004-0558
CVE-2004-0558 is referenced across multiple advisories (Slackware SSA:2004-266-01, Gentoo GLSA 200409-25, SLES9 updates, FreeBSD/FreeBSD Ports) as a CUPS-related issue. OpenVAS entries label it as a CUPS DoS with CVSS 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P). The connected docs discuss affected packages ...
CAN-2004-0755
CVE-2004-0755 relates to Ruby CGI::Session's FileStore creating session files with insecure permissions, potentially allowing session information leakage. The JVN entry describes the issue, noting improper file permissions in CGI::Session FileStore. Fedo ra advisories mention a security fix and p...
CAN-2004-0980
CVE-2004-0980 is a format-string vulnerability in ez-ipupdate. The connected documents identify ez-ipupdate as affected, specifically versions 3.0.10 through 3.0.11b8, with exploitation possible when running in daemon mode with certain service types in use, allowing remote execution of arbitrary ...
CAN-2004-0986
CVE-2004-0986 affects iptables before 1.2.11. Multiple sources (SUSE SUSE CVE, OSV, NVD) state that under certain conditions, iptables fails to load required modules at system startup, leaving firewall rules possibly unenforced and the system vulnerable to remote attackers. Remediation in sources...
CAN-2004-1308
CVE-2004-1308 refers to an integer overflow/heap-overflow vulnerability in libtiff used by TIFF parsing. The linked Nessus/CenterOS/RHEL/Ubuntu advisories attribute this to kdegraphics/kfax components, with updates available that backport patches in libtiff. Exploitation would involve a malicious...
CAN-2005-0020
CVE-2005-0020 describes a buffer overflow in playmidi prior to 2.4 that could allow a local user to execute arbitrary code. This vulnerability is documented across multiple sources (NVD, OSV, Debian/DSA entries, CVE listing, and vendor advisories) with the impact restricted to local privilege esc...
CAN-2005-0446
CVE-2005-0446 affects Squid 2.5.STABLE8 and earlier, with DoS via crafted DNS responses that trigger a crash during FQDN/ipcache handling. The connected advisories indicate multiple distributions addressing this issue: Ubuntu USN-84-1 (DNS/ACLs and the bad DNS response in DNS resolution), Fedora ...
CAN-2005-0393
CVE-2005-0393 relates to crip 3.5: the helper scripts do not properly use temporary files, which can allow local users to cause an unknown impact with unknown attack vectors. The connected sources (OSV, NVD, Debian tracker, Red Hat entry, Debian/OSS plugins) confirm the same description. No speci...
CAN-2005-1934
CVE-2005-1934 affects the Gaim multi-protocol instant messaging client, where a malformed MSN Messenger message can cause memory allocation errors and crash the application. Connected advisories describe this as part of two DoS issues in Gaim and reference fixed-updates (e.g., upgrade to version ...
CAN-2005-1992
CVE-2005-1992 concerns Ruby’s XMLRPC server, where an insecure default in utils.rb (and related XMLRPC.iPIMethods handling) can allow a remote attacker to execute arbitrary commands if the server is used in a vulnerable configuration. Public advisories (e.g., RHSA-2005:543, USN-146-1) document th...
CAN-2005-2088
The connected Nessus document lists CVE-2005-2088 as an HTTP Request Smuggling issue in Apache httpd when acting as a proxy: Apache 1.3.x before 1.3.34 and 2.0.x before 2.0.55 are vulnerable to crafted requests with both Transfer-Encoding: chunked and Content-Length headers, leading to misinterpr...
CVE-2014-5515
According to the Ubuntu security entry for CVE-2014-5515, ntopng had several vulnerabilities that were fixed upstream in version 1.2.1. The connected records provide no further details (affected versions, root cause, impact, or exploit information). No MITRE/attack details are included. Remediati...
CVE-2021-0745
CVE-2021-0745 is listed in Android 12 release notes under System with type ID (information disclosure) and severity Moderate, referenced by Android bug ID A-187709482. The bulletin notes that issues fixed in Android 12 are addressed when devices run Android 12 with a patched level, and that sourc...
CVE-2021-0738
Android 12 Framework contains CVE-2021-0738 (listed under Framework in the Android 12 Security Release Notes). It is categorized as Type: ID (Information Disclosure) with a Moderate severity, and references the Android bug ID A-188802680. The snippet does not provide the exact root cause, vulnera...