18 matches found
CVE-2020-9711
CVE-2020-9711 describes an out-of-bounds read (CWE-125) in Adobe Acrobat/Reader. Affected products include multiple lines of Acrobat/Reader: DC Continuous and Classic channels, across 2015, 2017, 2020 release families (e.g., 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earli...
CVE-2024-31119
CVE-2024-31119 is a DOM-based XSS vulnerability in the WordPress plugin Special Box for Content by Vasilis Triantafyllou. The issue is described as an improper neutralization of input during web page generation, enabling DOM‑Based XSS. Affected version range is listed as from “n/a through 1” (i.e...
CVE-2018-9394
The CVE-2018-9394 entry concerns the MediaTek MTK P2P driver: mtk_p2p_wext_set_key in drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c. The vulnerability is an out-of-bounds (OOB) write caused by improper input validation, enabling local privilege escalation with System execution pr...
CVE-2024-1846
CVE-2024-1846 affects the WordPress plugin “Responsive Tabs” (versions before 4.0.7). The issue is a lack of validation/escaping of shortcode attributes, leading to Stored XSS when the shortcode is rendered in a post/page. The root cause is improper handling of attributes in the plugin’s output. ...
CVE-2024-1999
The WordPress plugin Gutenberg Blocks by Kadence Blocks – Page Builder Features is affected by CVE-2024-1999: Stored XSS via the Testimonial Widget anchor style parameter in versions up to 3.2.25. Exploitation requires at least Contributor‑level access and can lead to stored scripts executing on ...
CAN-2004-0982
CVE-2004-0982 is linked to mpg123 and is described in multiple feeds as a heap-based buffer overflow in httpdget.c that allows remote code execution via a long URL, affecting mpg123 before the 0.59s-rll patch. The issue is cited in later entries (e.g., CVE-2006-3355 as an incomplete patch continu...
CVE-2022-32758
CVE-2022-32758 is listed in IBM’s Security Directory Suite bulletin as a vulnerability where a remote attacker could hijack the clicking action of a victim by guiding them to a malicious site. The affected product context is IBM Security Directory Server within IBM Security Directory Suite, with ...
CVE-2018-12119
CVE-2018-12119 is a reserved candidate in Initial Description; connected data indicates a Cross-site Scripting (XSS) issue in knowledge_repo due to lack of sanitization of user-supplied parameters (e.g., comments) when rendering templates. The vulnerability is tied to knowledge_repo’s web renderi...
CVE-2021-0847
CVE-2021-0847 is listed under Android 12 in the Media Framework category as a Remote Code Execution (RCE) issue with Moderate severity. The Android 12 release notes confirm this CVE is part of vulnerabilities fixed in this release, and patches to AOSP are expected with the Android 12 update. The ...
CVE-2021-0841
CVE-2021-0841 is listed in Android 12 Security Release Notes under the System component with Type: Elevation of Privilege (EoP) and Severity: Moderate. The notes state this issue is addressed as part of Android 12, and devices with a patch level of 2021-10-01 or later are protected. No exploitati...
CVE-2021-0839
CVE-2021-0839 is listed in the Android 12 Media Framework. It is classified as a Denial of Service (DoS) vulnerability with a Moderate severity. The provided documents do not include exploit details, affected versions, root cause, or a remediation/patch for this CVE. No additional public exploit ...
CVE-2021-0795
CVE-2021-0795 is listed in Android 12 security release notes under the System component with Android bug ID A-180422331, Type ID, and Severity Moderate. The document provides no details on the root cause, affected subcomponents, exploit information, or remediation; no public technical specifics a...
CVE-2021-0761
CVE-2021-0761 is listed under Android 12, Framework, with type ID (information disclosure) and moderate severity. The connected Android 12 release notes confirm issue grouping and that updates to Android 12 patch level 2021-10-01 or later address these issues. No explicit root-cause details or ex...
CVE-2020-4847
IBM Verify Gateway (IVG) contains CVE-2020-4847: when IVG components make API calls, tenant secrets can be exposed (client API secrets, access tokens, cookies) and used to impersonate a tenant. Base score 7.1. Affected IVG versions: RADIUS 1.0.0; PAM 1.0.0, 1.0.1; WinLogin 1.0.0, 1.0.1. Remediati...
CVE-2020-4844
CVE-2020-4844 is addressed in IBM Security Identity Governance and Intelligence (IGI) 5.2.6. The IBM Security Directory Integrator component used by IGI had hard coded credentials, which has been removed in the fix. Affected product: IBM Security Identity Governance and Intelligence, version 5.2....
CVE-2020-19599
CVE-2020-19599 is covered within a Gentoo advisories set on Binutils: Multiple vulnerabilities. The connected Gentoo GLSA-202107-24 references CVE-2020-19599 among other CVEs and notes multipleBinutils vulnerabilities with no workaround availability. The Gentoo advisory recommends upgrading Binut...
CVE-2020-9709
CVE-2020-9709 is referenced in APSB20-45 as a security bypass that could lead to privilege escalation in Adobe Photoshop CC 2019/2020. The connected Nessus entries indicate affected products are Photoshop on Windows and macOS prior to 20.0.10/21.2.1, with the advisory describing multiple vulnerab...
CVE-2021-11192
Technical details for CVE-2021-11192 are not publicly available in the provided documents. Monitor for updates.