5093 matches found
SUSE CVE-2011-3593
A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames...
SUSE CVE-2014-3634
rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access...
SUSE CVE-2014-3683
Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634...
SUSE CVE-2016-4020
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR)...
SUSE CVE-2018-20615
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-check...
SUSE CVE-2019-9513
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU...
SUSE CVE-2021-3982
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possib...
WordPress WP Open Social Plugin <= 5.0 is vulnerable to Cross Site Scripting (XSS)
Software: WP Open Social | Type: Plugin | Vulnerable versions: <= 5.0 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-25792 | Patch priority: Low | CVSS severity: Low (5.9) | PSID: 68defe0a437e | Credits: Rio Darmawan | Required...
WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin <= 7.5.14 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) | Type: Plugin | Vulnerable versions: <= 7.5.14 | Fixed in: 7.6.0 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-23706 | Patch priority: Low | CVSS severity: Low (4.3) ...
WordPress Wp-Insert Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
Software: Wp-Insert | Type: Plugin | Vulnerable versions: <= 2.5.0 | Fixed in: 2.5.1 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-25461 | Patch priority: Low | CVSS severity: Low (5.9) | PSID: d6f86fdf4f79 | Credits: Abdi Pranata | Required privile...
WordPress JSON Content Importer Plugin <= 1.3.15 is vulnerable to Cross Site Scripting (XSS)
Software: JSON Content Importer | Type: Plugin | Vulnerable versions: <= 1.3.15 | Fixed in: 1.3.16 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-25485 | Patch priority: Low | CVSS severity: Low (5.9) | PSID: 8e9e1b4a066a | Credits: Rio Darmawan...
CVE-2023-23459 Priority Windows – Command Execution via SQL Injection
Priority Windows may allow Command Execution via SQL Injection using an unspecified method...
Priority Windows SQL injection vulnerability
Priority Windows is a web application from Priority Window Glass, Inc. A security vulnerability exists in Priority Windows versions prior to 22.1, which originates from the possibility of executing commands via SQL injection using an unspecified method...
WordPress Ocean Extra Plugin < 2.1.3 is vulnerable to Sensitive Data Exposure
Software: Ocean Extra | Type: Plugin | Vulnerable versions: < 2.1.3 | Fixed in: 2.1.3 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: CVE-2023-0749 | Patch priority: High | CVSS severity: High (6.5) | PSID: 4139d2fa0b6a | Credits: Erwan LR (WPScan) | Required...
CVE-2023-23460 Priority Web – Authentication bypass
Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass...
Priority Web authorization issue vulnerability
Priority Web is a web site from Priority Window Glass, Inc. A security vulnerability exists in Priority Web version 19.1.0.68, which stems from an authentication bypass due to incorrect operation of an unspecified endpoint parameter...
WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin <= 7.5.14 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) | Type: Plugin | Vulnerable versions: <= 7.5.14 | Fixed in: 7.6.0 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-23710 | Patch priority: Low | CVSS severity: Low (5.9) ...
PT-2023-18967 · Unknown · Priority Windows
Name of the Vulnerable Software and Affected Versions: Priority Windows (affected versions not specified). Description: The issue allows Command Execution via SQL Injection using an unspecified method. There is no information available about the estimated number of potentially affected devices...