7 matches found
CVE-2023-0092
Affects Juju controller exposure: An authenticated user with read access to the Juju controller model can construct a remote request to download an arbitrary file from the controller filesystem. The issue is due to improper access control allowing file retrieval. Remediation: upgrade Juju to 2.9....
CVE-2024-2311
CVE-2024-2311 affects Avada (WordPress theme) up to version 7.11.6. The vulnerability is a Stored XSS via plugin shortcodes due to insufficient input sanitization and output escaping of user-supplied shortcode attributes. Exploitation requires contributor-level or higher authentication, and affec...
CVE-2024-30250
Astro-Shield (KindSpells) vulnerability CVE-2024-30250 affects versions 1.2.0–1.3.1, where injecting a correct SRI attribute into code causes the injected resource to be considered legitimate by CSP, enabling bypass of cross-origin allow-lists. Root cause: the SRI hash is added to the CSP header,...
CAN-2004-1318
Summary of CVE-2004-1318 (Namazu): Namazu2’s namazu.cgi accepts input that is not properly sanitised, allowing a remote attacker to cause cross-site scripting (XSS). The Debian advisories (DSA-627-1) describe the flaw as unsanitised input in Namazu2, with exploitation via a crafted query, notably...
CAN-2005-2655
CVE-2005-2655 affects maildrop (lockmail) where the lockmail utility does not drop group privileges before executing command-line arguments, enabling local privilege escalation for users with access to the maildrop package. Debian/DSA-791-1 notes the fix in version 1.5.3-1.1sarge1 (and later), so...
CVE-2019-4491
CVE-2019-4491 is an IBM MQ vulnerability where an error in the tracing functionality can be exploited to cause a denial-of-service. Connected IBM MQ advisories specify affected products and versions: IBM WebSphere MQ 7.1 (7.1.0.0–7.1.0.9), MQ 7.5 (7.5.0.0–7.5.0.9), MQ v8 (8.0.0.0–8.0.0.12), MQ v9...
CVE-2011-2036
Technical details for CVE-2011-2036 are not publicly available in the provided documents. Monitor for updates.