22 matches found
CVE-2023-3866
CVE-2023-3866: In the Linux kernel ksmbd, the compound-request handling failed to validate session and tree identifiers if the first operation is not an SMB2 ECHO. This could allow a NULL dereference when a subsequent operation accesses work->sess or work->tcon, leading to a local impact. ...
CVE-2022-29059
CVE-2022-29059 concerns Fortinet FortiWeb SQL Injection. Connected data confirms an improper neutralization of special elements used in SQL commands (CWE-89) that could allow a privileged attacker to execute SQL commands on the log database. Affected product versions include FortiWeb 7.0.1 and be...
CVE-2024-27256
CVE-2024-27256 affects IBM MQ Container images: CD v3.0.0, v3.0.1, v3.1.0–3.1.3; LTS v2.0.0–2.0.22; and 2.4.0–2.4.8, 2.3.0–2.3.3, 2.2.0–2.2.2. Description: use of weaker than expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. Connected sources corro...
CVE-2023-28120
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...
CVE-2023-45002
CVE-2023-45002 concerns the WordPress plugin WP User Frontend (weDevs) with Missing Authorization via AJAX actions up to version 3.6.8. The issue originates from Inadequate access control (Broken Access Control) that can be exploited by users with low privileges to bypass configured security leve...
CVE-2020-3532
CVE-2020-3532 affects Cisco Unified Communications Manager and related components (CUCM, CUCM Session Management Edition, IM&P, Unity Connection). The web-based management interface fails to properly validate input, enabling unauthenticated, remote attackers to persuade users to click crafted lin...
CVE-2023-20090
The CVE-2023-20090 entry concerns Cisco TelePresence CE and RoomOS. Affected software suffers from improper access control on certain CLI commands, allowing an authenticated, local attacker to elevate privileges to root on an affected device. The impact is local privilege escalation with root acc...
CVE-2024-31323
CVE-2024-31323 is an Android local elevation-of-privilege vulnerability in the onCreate path of the HealthFitness module that could trick a user into granting health permissions via tapjacking, requiring no user interaction for exploitation. The issue is mapped to the Healthfitnes...
CVE-2023-51516
CVE-2023-51516 is a Missing Authorization vulnerability (Broken Access Control) affecting the WordPress plugin “Business Directory Plugin – Easy Listing Directories for WordPress” up to version 6.3.9. The root cause, per provided documents, is a dispatch-related authorization issue. Connected sou...
CVE-2023-50804
CVE-2023-50804 concerns Samsung baseband/modem software in Exynos devices where NAS (Non-Access‑Stratum) format type checking is insufficient, enabling authentication bypass in the baseband stack. The issue affects multiple Exynos SoCs (e.g., Exynos 9820/9825/980/990/850/1080/2100/2200/1280/1380/...
CVE-2024-2287
CVE-2024-2287 — Knight Lab Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in versions up to 3.9.3.3 due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level permissions (or higher) can inject sc...
CVE-2024-1589
The CVE-2024-1589 issue affects the WordPress SendPress Newsletters plugin up to version 1.23.11.6. The root cause is that certain settings are not properly sanitised/escaped, enabling Stored Cross-Site Scripting (stored XSS) by high-privilege users (e.g., admins), even when unfiltered_html is di...
CVE-2024-27992
CVE-2024-27992 is a Reflected XSS in the WordPress plugin Link Whisper Free. Public disclosures indicate the vulnerability affects versions from some unspecified start up to and including 0.6.8, with the issue present in the Free edition and not in Pro as described in sources. Multiple CVE recor...
CAN-2005-2101
CVE-2005-2101 concerns the KDE kdeedu suite, where the langen2kvhtml converter creates insecure temporary files in /tmp with predictable names. This local-privilege issue allows a non-privileged user to potentially overwrite files, as described in Debian security advisories (DSA-...
CVE-2019-4432
IBM MQ (including IBM MQ Appliance) is vulnerable to a denial-of-service attack caused by specially crafted messages that can stop queue manager responsiveness and drive high CPU. Affected products and versions include IBM WebSphere MQ v7.1 (7.1.0.0–7.1.0.9), IBM WebSphere MQ v7.5 (7.5.0.0–7.5.0....
CVE-2019-10519
CVE-2019-10519 is listed under Qualcomm components in Google's Pixel September 2020 security bulletin as a Moderate-severity, N/A-type issue affecting the Display/graphics component. The bulletin does not provide a detailed root cause or exploit information. There is no explicit patch description...
CVE-2021-0886
CVE-2021-0886 is listed in the Android 12 security release notes under the System component as a DoS vulnerability (Severity: Moderate). The Android bulletin does not provide exploit details or specific mitigations for this CVE. It notes that issues addressed in Android 12 are protected if device...
CVE-2021-0863
CVE-2021-0863 is listed in the Android 12 security release notes under Framework as an Information Disclosure (ID) vulnerability with Android bug ID A-118188362, Severity Moderate. It is addressed as part of the Android 12 release; no exploitation details are provided in the document.
CVE-2021-0775
CVE-2021-0775 is listed in the Android 12 security release notes under the Framework category with Type: Elevation of Privilege (EoP) and Severity: Moderate. The provided connected document does not include technical details such as affected component, root cause, impact specifics, fix/version, ...
CVE-2019-4677
IBM Security Identity Manager is affected by CVE-2019-4677 due to a cross-site scripting vulnerability in the Web UI. The bulletin specifies IBM Security Identity Manager 6.0.0 as affected, with the fix available in version 6.0.0-ISS-SIM-FP0023. The vulnerability allows embedding arbitrary JavaSc...