148 matches found
CVE-2024-32729
CVE-2024-32729 concerns WordPress ChatBot Conversational Forms (QuantumCloud Conversational Forms for ChatBot)
CVE-2014-6274
git-annex vulnerability CVE-2014-6274: when using S3/Glacier remotes with embedcreds=yes and encryption=pubkey or encryption=hybrid, AWS credentials were stored in the repository in plaintext rather than encrypted. Affected range: 3.20121126 through 5.20140919. Impact: anyone with a copy of the r...
CVE-2024-2643
CVE-2024-2643 affects the WordPress plugin My Sticky Bar prior to version 2.6.8. The issue is a failure to sanitize/escape certain settings, enabling stored cross-site scripting (Stored XSS) by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, such as in multisite setup...
CVE-2021-26091
CVE-2021-26091 concerns FortiMail Identity Based Encryption (IBE) authentication. The connected documents confirm a cryptographically weak PRNG used in the FortiMail authenticator, affecting FortiMail versions 6.4.0–6.4.4 and 6.2.0–6.2.7. The weakness may allow an unauthenticated attacker to infe...
CVE-2019-16151
Fortinet FortiOS 6.4.1 and below and FortiOS 6.2.9 and below are affected by an improper neutralization of input during web page generation (CWE-79). A remote unauthenticated attacker can exploit a crafted Host header to redirect users to malicious sites or to execute JavaScript in the victim’s b...
CVE-2024-1211
CVE-2024-1211 is a CSRF vulnerability in GitLab CE/EE that affects all versions from 10.6 up to 16.9.7, from 16.10 up to 16.10.5, and from 16.11 up to 16.11.2, occurring when GitLab is configured to use JWT as an OmniAuth provider. The connected sources consistently describe a cross-site request ...
CVE-2017-13318
CVE-2017-13318 affects HeifDataSource::readAt in HeifDecoderImpl.cpp, where an integer overflow can cause an out-of-bounds read leading to information disclosure. Exploitation requires user interaction and the attacker must be able to trigger the affected code path (AV: Adjacent, UI: Required). R...
CVE-2017-13317
CVE-2017-13317 involves a possible out-of-bounds read in HeifDecoderImpl::getScanline (HeifDecoderImpl.cpp) due to improper input validation. The issue could lead to remote information disclosure with no additional execution privileges required; exploitation requires user interaction. Connected s...
CVE-2018-9461
The CVE-2018-9461 entry describes a race-condition vulnerability in the ShareIntentActivity.java on Android, enabling an app to read files in the Messages app and leading to local privilege escalation without extra execution privileges or user interaction. Several sources (NVD, Red Hat, CVE lists...
CVE-2023-46608
CVE-2023-46608 affects the DoLogin Security WordPress plugin ( 3.7.1 (fixed in 3.8). The available connected sources corroborate the nature (Missing Authorization) and the affected versions, and indicate patch availability in 3.8. No exploitation details are provided in the supplied documents bey...
CVE-2023-45760
CVE-2023-45760: wpDiscuz
CVE-2023-52718
CVE-2023-52718 refers to a connection hijacking vulnerability affecting some Huawei home routers (e.g., WS8700 and other models). The issue is linked to insufficient input validation in Huawei’s firmware, enabling an attacker with adjacent access to cause Denial of Service or information leakage....
CVE-2023-7266
Huawei CVE-2023-7266 concerns a connection hijacking vulnerability affecting some Huawei home routers. Connected docs identify affected products as Huawei TC7001-10, WS7200-10, and WS7206-10 (and related models in Huawei materials). The root cause is described as a session handling flaw that enab...
CVE-2020-1822
CVE-2020-1822 corresponds to Huawei COPS protocol implementations with multiple OOB read vulnerabilities in the decoding function when processing incoming data packets. The issue can disrupt service on affected devices. The connected Red Hat CVE records confirm the same family (CVE-2020-1818…1824...
CVE-2020-1819
Huawei devices implementing the Common Open Policy Service (COPS) protocol are affected by multiple OOB read vulnerabilities in the COPS decoding function. The issue can lead to service disruption when processing certain data packets. The CVE family includes CVE-2020-1818 through CVE-2020-1824, i...
CVE-2020-1818
The connected Red Hat/Huawei entries describe CVE-2020-1818 (and related CVEs 2020-1819 to 1824) as multiple out-of-bounds read vulnerabilities in Huawei devices' Common Open Policy Service (COPS) protocol implementation. The root cause is an out-of-bounds read in the decoding function when proce...
CVE-2020-9222
CVE-2020-9222 affects Huawei FusionCompute. The vulnerability is a privilege-escalation issue caused by insufficient verification of specific files during deserialization, enabling local attackers to elevate permissions. Affected product/component: Huawei FusionCompute; root cause: improper deser...
CVE-2020-9210
CVE-2020-9210 affects Huawei Myna devices with an insufficient integrity check in a module, enabling attackers to install malware via a physical scenario and potentially disrupt normal service. The root cause is a lack of adequate integrity verification in a specific workflow (HWPSIRT-2020-00145)...
CVE-2021-26102
CVE-2021-26102 describes a relative path traversal (CWE-23) in FortiWAN. FortiWAN versions 4.5.7 and earlier (including all 4.4.x) may allow a remote, unauthenticated attacker to delete files on the system by sending a crafted POST request. In particular, deletion of specific configuration files ...
CVE-2021-20553
CVE-2021-20553 affects IBM Sterling B2B Integrator Standard Edition (versions 5.2.0.0 through 6.1.1.0). The issue is a cross-site scripting vulnerability in the Web UI that lets an attacker embed arbitrary JavaScript, potentially altering functionality and disclosing credentials within a trusted ...