1207 matches found
SUSE CVE-2014-4655
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX acces...
SUSE CVE-2014-4654
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system...
SUSE CVE-2016-5734
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...
SUSE CVE-2017-9118
PHP 7.1.5 has an out-of-bounds access in php_pcre_replace_impl via a crafted preg_replace call...
SUSE CVE-2018-5164
Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks. This vulnerability affects Firefox 60...
SUSE CVE-2021-28153
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is...
SUSE CVE-2022-2625
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...
SUSE CVE-2022-23563
Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses tempfile.mktemp to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in...
SUSE CVE-2022-25647
The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace method in internal classes, which may lead to DoS attacks...
CVE-2023-0255
The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites...
Design/Logic Flaw
The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites...
CVE-2023-0255 Enable Media Replace < 4.0.2 - Author+ Arbitrary File Upload
The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites...
PT-2023-16115 · WordPress · Enable Media Replace
Name of the Vulnerable Software and Affected Versions: Enable Media Replace WordPress plugin versions prior to 4.0.2 Description: The issue allows authors to upload arbitrary files to the site, potentially enabling them to upload PHP shells on affected sites. Recommendations: For Enable Media...
WordPress plugin Enable Media Replace code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...
MAL-2023-1890 Malicious code in ktcalendar (PyPI)
Source: checkmarx 3dae7c8d1185e6518c9e9358deb5aaa5806eb6b2b206a8b05731baa4a45a5b9c Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-2319 Malicious code in tkcalednar (PyPI)
Source: checkmarx 2751263c8ef9db6ea790ea61f6c7150637a90527d732057cb54706619c31cca7 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-1606 Malicious code in beautifullsoup (PyPI)
Source: checkmarx 04548ce815bd23055174dcc824e420faa7e2b47ba62b0fe5fdc944bc2fed31c8 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in prompt-tooklit (PyPI)
Source: checkmarx 0292eb70515cacbc039258076708c4c85c30f09fa372c21c108efbea1a264615 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in prompt-otolkit (PyPI)
Source: checkmarx 33a53acb696e4b7effb680ca3abc3b18e14006ec92d050945cf6cc35c5f9f30c Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...