17 matches found
CVE-2024-35155 IBM MQ information disclosure
IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765...
Microweber Security Breach
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber version v.2.0.1. A remote attacker can...
Microsoft Windows Hyper-V Elevation of Privilege (CVE-2022-35751)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2022-1271
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...
CVE-2021-33981
An insecure, direct object vulnerability in hunting/fishing license retrieval function of the "Fish | Hunt FL" iOS app versions 3.8.0 and earlier allows a remote authenticated attacker to retrieve other people's personal information and images of their hunting/fishing licenses...
CVE-2020-25868
Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can trigger a software abort temporary loss of service...
[ASA-201904-10] libpng: denial of service
Arch Linux Security Advisory ASA-201904-10 ========================================== Severity: Low Date : 2019-04-24 CVE-ID : CVE-2019-7317 Package : libpng Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-868 Summary ======= The package libpng before version 1.6.37...
CVE-2018-6126
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page...
CVE-2018-6071
An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...
WordPress 4.8.x < 4.8.2 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A flaw in $wpdb-prepare can create unsafe queries leading to potential SQL injection flaws with plugins and themes. - Multiple cross-site scripting XSS vulnerabilities...
Cisco Unified Customer Voice Portal Denial of Service Vulnerability
A vulnerability in the application server of the Cisco Unified Customer Voice Portal CVP could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during...
CVE-2016-10703
A regular expression Denial of Service DoS vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string...
Design/Logic Flaw
A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...
CVE-2017-3822
A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense FTD Firepower Device Manager FDM could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log. This vulnerability affects Cisco Firepower Threat Defense Software versions 6.1.x on the...
Flashchat aedating4CMS.php dirinc Parameter PHP Code Execution - Ver2 (CVE-2006-4583)
A code execution vulnerability has been reported in FlashChat. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
RedHat Security Advisory RHSA-2009:1651
The remote host is missing updates announced in advisory RHSA-2009:1651. The Network Time Protocol NTP is used to synchronize a computer SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holder...
DNN (DotNetNuke) < 5.2.0 SearchResults.aspx XSS
The version of DNN installed on the remote host is affected by a cross-site scripting vulnerability due to a failure to properly sanitize user-supplied input to the 'Search' parameter of the 'SearchResults.aspx' script before using it to generate dynamic HTML output. An unauthenticated, remote...