429 matches found
Design/Logic Flaw
An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1...
CVE-2023-31422 Kibana Insertion of Sensitive Information into Log File
An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1...
CVE-2023-45852
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method...
SUSE CVE-2020-21686
A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file...
nasm security vulnerability
Nasm is an open source programming tool software by the Nasm Development Team. A security vulnerability previously existed in nasm version 2.15.04, which stemmed from a buffer overflow problem found in the expand_mmac_params function of preproc.c. The vulnerability was caused by the use of the...
PT-2023-11598 · Nasm +2 · Nasm +2
Name of the Vulnerable Software and Affected Versions: nasm versions prior to 2.15.04. Description: A stack-use-after-scope issue was discovered in the expand_mmac_params function in preproc.c, allowing remote attackers to cause a denial of service via a crafted asm file. This issue affects the na...
CVE-2023-0274
The URL Params WordPress plugin before 2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Cross site scripting
The URL Params WordPress plugin before 2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0274 URL Params < 2.5 - Contributor+ Stored XSS
The URL Params WordPress plugin before 2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PT-2023-16132 · WordPress · Url Params
Name of the Vulnerable Software and Affected Versions: URL Params WordPress plugin versions prior to 2.5. Description: The issue concerns the URL Params WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them back in a page or post where the...
CVE-2023-38684 Discourse vulnerable to possible DDoS due to unbounded limits in various controller actions
Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an...
CVE-2023-33903
In FM service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed...
CVE-2022-48450
In bluetooth service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed...
Design/Logic Flaw
In FM service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed...
CVE-2022-48450
CVE-2022-48450: Affects Unisoc Bluetooth service. The issue is a missing parameter check in the Bluetooth service, which could allow a local denial of service and require system execution privileges to exploit. The NVD notes a Medium severity (CVSS 3.1: 4.4) with local attack vector and high pri...
CVE-2022-48450
In bluetooth service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed...
CVE-2023-33903
CVE-2023-33903 affects the FM service and is caused by a missing parameter check, enabling local denial of service with system execution privileges needed. Multiple connected sources corroborate a local impact and privilege requirement, with exploitation details not provided in the supplied docum...
CVE-2023-33903
In FM service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed...
CVE-2023-36390
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...