CVE-2022-44519

CVE-2022-44519 affects Acrobat Reader DC (versions 22.001.20085 and earlier, 20.005.3031x and earlier, 17.012.30205 and earlier). Root cause: a use-after-free in a component used when opening a malicious file, leading to possible disclosure of sensitive memory and the ability to bypass ASLR. Expl...

CVE-2023-47838

CVE-2023-47838 affects the WordPress plugin Conditional Fields for Contact Form 7 (cf7-conditional-fields). Root cause: Missing Authorization / Broken Access Control due to incorrectly configured access control levels, allowing exploitation by low-privilege users. Affected versions:

CVE-2018-9404

The CVE-2018-9404 issue affects Google Pixel/Nexus devices and is centered on the oemCallback function in ril.cpp, where an out-of-bounds write can result from an integer overflow. This could enable local elevation of privilege with System execution privileges required, and exploitation does not ...

CVE-2017-18307

CVE-2017-18307 is linked to Qualcomm chipsets (notably qcacld-3.0) and is described as an information-disclosure vulnerability that can occur during audio playback. The Red Hat and CVE listings corroborate an information leak, with Qualcomm’s product-security notes showing a local attack vector a...

CVE-2018-11922

Technical details (affected product/version, root cause, impact, fixes) for CVE-2018-11922 are not publicly available in the provided connected documents. Monitor for updates from vendors and security bulletins.

CVE-2017-13312

CVE-2017-13312 affects Android’s Media framework (MediaCas.java) where a parcel read/write mismatch in createFromParcel, due to improper input validation, can enable local elevation of privilege on Android 8.0 (Oreo). An app could start an activity with system privileges without extra execution p...

CVE-2021-1470

Cisco SD-WAN vManage Software is affected by CVE-2021-1470, an SQL injection vulnerability in the web-based management interface. The issue arises from improper input validation of SQL queries, allowing an authenticated, remote attacker to send malicious queries and potentially modify values on t...

CVE-2022-20853

CVE-2022-20853 concerns Cisco Expressway Series and Cisco TelePresence VCS. The issue is a CSRF vulnerability in the REST API/web-based management interface caused by insufficient CSRF protections, allowing an unauthenticated, remote attacker to persuade a logged-in user to follow a crafted link,...

CVE-2023-1973

CVE-2023-1973 is an Undertow vulnerability that allows a remote attacker to cause a Denial of Service by exploiting FormAuthenticationMechanism, leading to OutOfMemory on the server. The connected records (e.g., Red Hat RHSA-2025-9583) confirm this issue and indicate remediation via security upda...

CVE-2022-25777

CVE-2022-25777 affects Mautic with a Server-Side Request Forgery (SSRF) in the Asset section. An authenticated user could read system files and access internal addresses of the application. Mitigation: patch to Mautic 4.4.12 or later or 5.0.4 or later (per PT-2024-11539 and related advisories). I...

CVE-2024-31320

CVE-2024-31320 relates to Android’s setSkipPrompt in AssociationRequest.java, where an attacker could establish a companion device association without user confirmation, enabling local elevation of privilege with no user interaction. The Red Hat and CNVD entries align on an Android elevation-of-p...

CVE-2024-33870

CVE-2024-33870 affects Artifex Ghostscript up to version 10.03.1. The issue is a path traversal vulnerability in PostScript handling that can reach arbitrary files when the current directory is within permitted paths, e.g., transforming ../../foo to ./../../foo and gaining access if ./ is allowed...

CVE-2024-22232

CVE-2024-22232 describes a directory traversal in Salt’s file server triggered by a specially crafted URL. The underlying issue is input validation that allows traversal sequences, enabling a malicious user to read arbitrary files from a Salt master’s filesystem. Affected component: Salt master/f...

CVE-2023-40004

CVE-2023-40004 is a Missing Authorization vulnerability affecting multiple ServMask WordPress extensions (Box, OneDrive, Dropbox, Google Drive) for All-in-One WP Migration. Connected sources (Patchstack) confirm unauthenticated access token manipulation due to insufficient authorization in the pl...

CVE-2023-46148

CVE-2023-46148 – Themify Ultra (WordPress Theme) \n\nTechnical details from the provided sources indicate a Missing Authorization vulnerability in Themify Ultra (affecting versions up to 7.3.5). The root cause is insufficient access control that allows an authenticated user with subscriber-level ...

CVE-2024-1204

The CVE-2024-1204 issue affects the Meta Box WordPress Custom Fields Framework (versions prior to 5.9.4). It allows users with at least the Contributor role to access arbitrary custom fields assigned to other users’ posts, indicating a broken access control vulnerability. Remediation, per multipl...

CVE-2023-7201

CVE-2023-7201 affects the Everest Backup WordPress plugin (versions prior to 2.2.5). The flaw allows high-privilege users (e.g., admin) to upload arbitrary files due to improper validation, including in multisite setups. Red Hat and CVE sources corroborate the same description. Remediation: upgra...

CAN-2004-1076

CVE-2004-1076 affects the Atari800 emulator. The provided sources describe multiple buffer overflows in the RtConfigLoad function in rt-config.c, affecting versions before 1.3.4, allowing local users to execute arbitrary code via large values in the configuration file. Exploitation details are no...

CAN-2004-1183

CVE-2004-1183 is a documented integer overflow in the tiffdump utility of libtiff (affecting versions prior to the patch). Several advisories (Ubuntu USN-54-1, Red Hat RHSA-2005:035, Gentoo GLSA-200501-06, SUSE-SA:2005:001, Debian/others) describe that processing carefully crafted TIFF images can...

CAN-2004-1027

CVE-2004-1027 is a directory traversal vulnerability in unarj. The issue arises when extracting ARJ archives with the -x option; specially crafted archives can cause files to be created in the parent directory (…/.. paths) and, when used recursively, may overwrite critical system files. Publicly ...