21 matches found
MiracleLinux 4 : kernel-2.6.32-504.12.2.el6 (AXSA:2015-106:03)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-106:03 advisory. Description: The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of...
MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.91-0.b14.el7 (AXSA:2016-215:03)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-215:03 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2016-0686 RESERVED This candidate has been reserved by an organization ...
CVE-2022-26388
A use of hard-coded password vulnerability may allow authentication abuse. This issue affects ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: Versions 2.3.1 and prior; ELI 250c/BUR 250c Resting Electrocardiograph: Versions 2.1.2 an...
CVE-2023-46611
CVE-2023-46611 concerns the WordPress YOP Poll plugin (
CVE-2023-44988
CVE-2023-44988 affects the WordPress plugin WP Custom Admin Interface (versions
CVE-2020-9086
Summary: CVE-2020-9086 describes a buffer error vulnerability in some Huawei products where an unauthenticated attacker can trigger a flaw by sending specially crafted UPnP messages to vulnerable devices, due to insufficient input validation. The consequence is a potential service abnormality, wi...
CVE-2024-2201
CVE-2024-2201 describes a cross-privilege Spectre v2 vulnerability affecting Linux kernels on Intel systems, enabling a local attacker to bypass mitigations (including Fine IBT) and potentially leak arbitrary kernel memory. The issue is grounded in the kernel’s handling of Spectre v2 defenses and...
CVE-2018-9381
CVE-2018-9381 affects the gatt_sr.c component, specifically the gatts_process_read_by_type_req path, where uninitialized data can cause information disclosure. The issue enables remote information disclosure without additional execution privileges and requires no user interaction. Publicly disclo...
CVE-2018-9472
The CVE-2018-9472 entry concerns a flaw in xmlMemStrdupLoc within xmlmemory.c, causing an out-of-bounds write due to an integer overflow. This could enable remote code execution in an unprivileged process with no extra privileges, and requires user interaction to exploit. Red Hat and CVE sources ...
CVE-2023-7010
CVE-2023-7010 is a use-after-free vulnerability in WebRTC in Google Chrome, with impact described as potential heap corruption. The affected software is Google Chrome (WebRTC component); the concrete detail provided indicates exploitation could be remote via a crafted HTML page, and the vulnerabi...
CVE-2023-51543
CVE-2023-51543 describes an Authentication Bypass by Spoofing in the WordPress plugin RegistrationMagic (Metagauss) that allows bypassing ACL constraints to access restricted functionality. Affected versions are RegistrationMagic up to 5.2.5.0 (version range stated as n/a through 5.2.5.0). The vu...
CVE-2021-25817
The initial CVE-2021-25817 entry is a reserved placeholder. Connected documents provide concrete details for CVE-2020-25817 (SilverStripe through 4.6.0-rc1) describing an XXE vulnerability in CSSContentParser. A developer utility used for parsing HTML in unit tests can be exploited to trigger XXE...
CVE-2023-4638
CVE-2023-4638 affects GitLab CE/EE (versions 13.3–16.1.4, 16.2.0–16.2.4, 16.3.0) where an unauthenticated/unauthorized user can fork a project outside of the current group due to improper permission validation. Impact includes potential privilege escalation or access to project data via misrouted...
CVE-2022-4134
Removed by vendor...
CVE-2021-0764
CVE-2021-0764 is listed in the Android 12 security release notes under the Framework component with type ID and Moderate severity. Patches were released to the Android Open Source Project as part of Android 12, and devices with Android 12 configured to a security patch level of 2021-10-01 or late...
CVE-2021-25632
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
CVE-2019-4245
CVE-2019-4245 is addressed in IBM Cognos TM1 via an unquoted Windows search path vulnerability that could allow a local user to execute arbitrary code with elevated privileges by placing a malicious file named like a legitimate file. The IBM Security Bulletin for TM1 (and Planning Analytics ecosy...
CVE-2018-1527
Affected software: IBM i2 Analyst’s Notebook (Premium) versions around 9.0.8. Vulnerability: XML Entity Injection (XXE) when processing XML during import (Cellebrite, XRY, Notebook Exchange from the Import menu). Root cause: processing XML data with external entities that can call out to exter...
CVE-2008-1418
Technical details for CVE-2008-1418 are not publicly available in the provided documents. No affected products, impact, or remediation are specified here; monitor for updates from official advisories.
CVE-2021-92253
CVE-2021-92253 is evidenced in the connected FreeBSD VuXML/Nessus entry as part of a set of cURL vulnerabilities, described as “Metalink download sends credentials.” The provided documents identify the issue as a problem in cURL (Metalink download) but do not include the technical details of affe...