3385 matches found
CVE-2016-1000228
Summary: The provided connected advisories describe a DOM-based XSS vulnerability in the npm package Gmail.js (gmail-js). Affected versions contain unsafe handling in the functions tools.parse_response, helper.get.visible_emails_post, and helper.get.email_data_post, which pass user input directly...
CVE-2016-1000242
The connected advisories describe a Denial of Service in the mqtt package (GHSA-HG78-C92R-HVWR / OSV entry). Affected mqtt versions crash the Node.js process when handling specially crafted MQTT packets, leading to a DoS. Remediation: upgrade to v1.0.0 or later. References include GitHub Advisory...
CVE-2016-1000234
The CVE-2016-1000234 entry maps to a Cross-Site Scripting issue in the jqTree component. Connected advisories (GHSA-GJHX-GXWX-JX9J and OSV) describe that affected versions of jqtree are vulnerable to XSS via the drag-and-drop operation when modifying tree data, allowing script content within a no...
CVE-2013-7035
Technical details for CVE-2013-7035 are not publicly available in the provided documents; the CVE entry appears reserved. Monitor for updates.
CVE-2021-30492
The connected documents describe a real issue: zendesk_api_client_php is vulnerable to Server-Side Request Forgery (SSRF) because it does not validate the provided Zendesk subdomain in getAuthUrl and getAccessToken. Impact is that an attacker could cause arbitrary HTTP requests from the server. R...
CVE-2014-3143
CVE-2014-3143 is not just a placeholder; connected documents describe multiple curl/libcurl vulnerabilities. The issues involve memory safety in path handling and hostname parsing: (1) sanitize_cookie_path() may index memory with -1 when a path is a single double-quote, destroying heap memory; (2...
CVE-2008-1418
Technical details for CVE-2008-1418 are not publicly available in the provided documents. No affected products, impact, or remediation are specified here; monitor for updates from official advisories.
CVE-2015-6842
Technical details about CVE-2015-6842 are not publicly available in the provided documents. The connected Nessus plugin describes unrelated FreeBSD OTRS PID-file permissions but does not tie to this CVE. Monitor for updates.
CVE-2017-1307
Technical details for CVE-2017-1307 are not publicly available in the provided documents. Monitor for updates as new information may be published later.
CVE-2018-15860
Technical details for CVE-2018-15860 are not provided in the supplied documents. The entry appears reserved with no public details. Monitor for updates.
CVE-2021-11192
Technical details for CVE-2021-11192 are not publicly available in the provided documents. Monitor for updates.
CVE-2021-11191
Technical details for CVE-2021-11191 are not publicly available in the provided documents. Monitor for updates; no affected products, exploit info, or remediation details are stated in the supplied material.
CVE-2021-92253
CVE-2021-92253 is evidenced in the connected FreeBSD VuXML/Nessus entry as part of a set of cURL vulnerabilities, described as “Metalink download sends credentials.” The provided documents identify the issue as a problem in cURL (Metalink download) but do not include the technical details of affe...
SUSE SLES12 Security Update : kernel (Live Patch 38 for SLE 12 SP3) (SUSE-SU-2022:0552-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0552-1 advisory. - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way...
EulerOS 2.0 SP3 : kernel (EulerOS-SA-2022-1171)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local...
Use-After-Free
A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in the NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem...
CVE-2021-45008
Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege escalation from user to admin rights. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users...
CVE-2021-45007
Plesk 18.0.37 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users...
Denial Of Service (DoS)
RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...