3385 matches found
IBM UrbanCode Deploy Encryption Issue Vulnerability (CNVD-2022-63372)
IBM UrbanCode Deploy (UCD) is a set of application deployment automation tools from IBM Corporation in the United States. The tool is based on an application deployment automation management information model and uses remote agent technology to automate the deployment of complex applications in...
India’s New Super App Has a Privacy Problem
Tata Neu is the country’s latest do-everything app. When users signed up, their personal information was already there...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2022-9348)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9348 advisory. - fget: check that the fd still exists after getting a ref to it Linus Torvalds Orabug: 33679806 CVE-2021-0920 - af_unix: fix garbage collect vs...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-007)
The version of kernel installed on the remote host is prior to 5.4.144-69.257. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-007 advisory. A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2022-011 (ALASKERNEL-5.10-2022-011)
The version of kernel installed on the remote host is prior to 5.10.102-99.473. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-011 advisory. AMD recommends using a software mitigation for this issue, which the kernel is enabling by default. The...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-005)
The version of kernel installed on the remote host is prior to 5.10.62-55.141. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-005 advisory. A flaw was found in the Linux kernel's implementation of wireless drivers using the Atheros chipsets. An...
CVE-2019-16158
Fortinet FortiManager GUI contains an improper neutralization of input in the buffer parameter, enabling an authenticated attacker to perform an XSS attack. This vulnerability is documented in FG-IR-19-271 and is referenced in CNVD-2020-19918. No specific patch/version details are provided in the...
CVE-2014-9511
Summary: CVE-2014-9511 maps to a WordPress vulnerability in the Sell Downloads plugin (versions ≤ 1.0.1). The issue arises from a lack of input sanitization, allowing an attacker to disclose arbitrary files on the server by accessing them through the web context. This can lead to exposure of serv...
CVE-2020-24230
This CVE entry maps to a CSRF vulnerability in the WordPress Patreon plugin (versions ≤ 1.6.9). The flaw allows an attacker to overwrite or create user meta via CSRF, enabling unauthorized changes to user metadata. Impact is tied to insufficient request authentication for certain actions, as desc...
CVE-2021-29232
Summary: Multiple connected sources confirm a concrete vulnerability in WordPress Simple Membership plugin (versions ≤ 4.0.3; remediation to at least 4.0.4) enabling authenticated SQL injection from the admin backend. Affected component: WordPress Simple Membership plugin, backend/admin queries. ...
CVE-2021-25632
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
CVE-2019-19233
The connected OpenVAS/Mageia OSV/OSVDB entries document CVEs related to sudo in CVE-2019-19232 and CVE-2019-19234. The advisory MGASA-2020-0246 explains that sudo could run commands with unknown user/group ids when configured with aliases like ALL, potentially letting sudo impersonate non-existen...
CVE-2017-10516
CVE-2017-10516 is linked to a cross-site scripting (XSS) vulnerability in Pallets Werkzeug prior to 0.11.11. The issue resides in the render_full function within the debug/tbtools.py debugger, allowing remote attackers to inject arbitrary script/HTML via an exception message. Affected product/ver...
CVE-2014-1197
CVE-2014-1197 concerns GNU Cpio 2.11 where the --no-absolute-filenames option can be bypassed via symlinks during extraction, allowing rogue archives to write files outside the current directory. Mageia MGASA-2015-0080 documents this issue (CVE-2014-1197) and references a fix in updated cpio pack...
CVE-2018-1832
IBM Event Streams 2018.3.0 and 2018.3.1 are affected by CVE-2018-1832, where a remote attacker could bypass security restrictions by modifying the UI session cookie after authentication, potentially exposing user and session data during an encrypted session. The remediation is to upgrade to IBM E...
CVE-2022-1280
A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak...
Design/Logic Flaw
A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak...
WordPress Download Manager plugin encryption problem vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Download Manager plugin version 3.2.39...