66 matches found
CVE-2024-31118
CVE-2024-31118 affects the WordPress plugin SP Project & Document Manager (versions up to 4.70). The issue is a Missing Authorization vulnerability caused by incorrectly configured access control security levels, potentially enabling unauthorized access to project/document resources. Public sourc...
CVE-2024-30547
CVE-2024-30547 is a DOM-based Cross-Site Scripting vulnerability in the WordPress plugin “Header Image Slider” where improper neutralization of input during web page generation allows DOM-based XSS. Affected: Header Image Slider versions up to 0.3. Root cause determined in connected sources as im...
CVE-2023-50897
CVE-2023-50897 concerns the WordPress plugin Media File Renamer (WordPress plugin “Media File Renamer”). The vulnerability is described as an Unrestricted Upload of File with Dangerous Type that enables an attacker to perform an arbitrary file rename, which can lead to a Remote Code Execution (RC...
CVE-2021-26087
The CVE-2021-26087 entry documents a stored Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC web interfaces. Affected FortiWLC releases include 8.6.0, 8.5.3 and earlier, 8.4.8 and earlier, and 8.3.3. Root cause is improper neutralization of input during web page generation, enabling ...
CVE-2024-2878
Summary (CVE-2024-2878) : A DoS vulnerability in GitLab CE/EE affects all versions from 15.7 up to 16.9.7, 16.10 up to 16.10.5, and 16.11 up to 16.11.2. An attacker could cause service disruption by crafting unusual branch-name search terms. Impact: availability loss as described in the sources. ...
CVE-2022-28653
CVE-2022-28653 Overview: Affects the Apport crash-reporting component used in Linux/Ubuntu environments. Description across connected documents consistently states: unlimited disk space can be consumed in /var/crash, which can lead to disk-space exhaustion and potential availability impact. Root ...
CVE-2018-9464
CVE-2018-9464 is an Elevation of Privilege in the Google Android Kernel (Taimen bootloader) identified across multiple trackers. The vulnerability arises from a missing permission check, enabling local access to read protected files and escalate privileges with no additional execution privileges ...
CVE-2023-47647
CVE-2023-47647 corresponds to a Missing Authorization (Broken Access Control) vulnerability in LearningTimes BadgeOS, affecting BadgeOS up to version 3.7.1.6. The issue originates from misconfigured access control levels, enabling unauthorized actions. Reported CVSS 3.1 base score 4.3 (Medium). C...
CVE-2023-47515
CVE-2023-47515 concerns the WordPress plugin “Seers – GDPR & CCPA Cookie Consent & Compliance”. Connected sources confirm a Missing Authorization/Broken Access Control issue affecting Seers versions up to 8.1.1, allowing unauthenticated access to configured security levels. The root cause is insu...
CVE-2023-45636
CVE-2023-45636 concerns the WordPress plugin WordPress Backup & Migration (wp-migration-duplicator)
CVE-2022-21505
CVE-2022-21505: In the Linux kernel IMA, enabling appraisal with ima_appraise=log can bypass lockdown on systems where Secure Boot is disabled or unavailable. IMA blocks ima_appraise=log via boot params when Secure Boot is enabled, but this protection does not cover lockdown used without Secure B...
CVE-2022-44512
Adobe Acrobat Reader DC is affected by out-of-bounds write (CWE-787) in parsing that could lead to arbitrary code execution in the current user context. Affected versions include 22.001.20085 and earlier, 20.005.3031x and earlier, and 17.012.30205 and earlier. Exploitation requires user interacti...
CVE-2023-47849
CVE-2023-47849 affects the BlossomThemes Email Newsletter WordPress plugin. The issue is a Missing Authorization / Broken Access Control in the bten_get_mailing_list workflow, allowing unauthenticated access to mailing list data for versions up to and including 2.2.4. The vulnerability’s CVSS v3....
CVE-2023-48286
CVE-2023-48286 concerns the WordPress Stripe Payments plugin (Accept Stripe Payments) ≤ 2.0.79, with a Missing Authorization/ Broken Access Control vulnerability due to incorrectly configured access controls. Public-facing unauthenticated users could potentially exploit the issue due to unauthent...
CVE-2018-9403
CVE-2018-9403 describes a stack buffer overflow in the MTK FLP MSG HAL DIAG REPORT DATA NTF handler within the flp2hal_interface.c component. The underlying issue is a missing bounds check which can allow a local attacker with System privileges to escalate to higher privileges. Exploitation is lo...
CVE-2018-9395
The CVE-2018-9395 issue affects the Mediatek WLAN driver (mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config) in drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c. It describes a possible out-of-bounds write due to a missing bounds check, enabling local...
CVE-2018-9392
CVE-2018-9392 affects the Mediatek GPS HAL: in get_binary() of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c there is a possible out-of-bounds write due to a missing bounds check. This could enable local elevation of privilege with System execution privileges, and...
CVE-2023-0163
CVE-2023-0163 applies to Mozilla Convict prior to 6.2.4, describing a prototype pollution flaw that allows an attacker to modify object prototype attributes or inject attributes used elsewhere, potentially leading to a crash. The vulnerability affects server-side configuration handling by admins ...
CVE-2022-43936
CVE-2022-43936 affects Brocade SANnav before v2.2.2. The root cause is that enabling debugging causes Fabric OS switch passwords to be logged, risking disclosure of sensitive credentials. Impact is limited to password exposure via logs; no other compromises described. Remediation: upgrade to v2.2...
CVE-2018-9371
CVE-2018-9371 affects the Mediatek Preloader/bootloader. It describes out-of-bounds reads/writes via an exposed interface that permits arbitrary peripheral memory mapping due to insufficient blacklisting/whitelisting. Under the described conditions, this can enable local elevation of privilege wi...