CVE-2022-25775
CVE-2022-25775 affects Mautic, specifically the Reports bundle. The vulnerability is an SQL injection in dynamic Reports, allowing an authenticated, logged-in user to retrieve and alter data, potentially exposing sensitive information, compromising credentials, and, depending on database permissi...
CVE-2022-25774
CVE-2022-25774 affects Mautic prior to 4.4.12. A self‑XSS in the notifications you save for Dashboards allows logged‑in users to inject/execute JavaScript in the notification content. Remediation: update to Mautic 4.4.12 or later. No exploitation details are provided in the supplied documents.
CVE-2022-25769
CVE-2022-25769 relates to Mautic where the default .htaccess contains an improper regex in the htaccess FilesMatch rule that only checks the filename, not the full path. This logic flaw allows improper access control and could enable unauthorized access to restricted PHP files in the root directo...
CVE-2024-22303
CVE-2024-22303 is an Incorrect Privilege Assignment vulnerability in the favethemes Houzez WordPress theme (affected versions “n/a through 3.2.4”). The issue allows Privilege Escalation for authenticated users (Subscriber+). CVSS v3.1 base score 8.8 (HIGH) with network exposure, low attack comple...
CVE-2024-21743
CVE-2024-21743 is a Privilege Escalation in the favethemes Houzez Login Register WordPress plugin (houzez-login-register) affecting versions ≤ 3.2.5. The issue enables authenticated users (Subscriber level) to escalate privileges, effectively via an account takeover vector; it is described as a S...
CVE-2023-46809
Node.js versions that bundle an unpatched version of OpenSSL, or that run against an unpatched dynamically linked version of OpenSSL, are vulnerable to the Marvin Attack (https://people.redhat.com/hkario/marvin/) if PKCS #1 v1.5 padding is allowed when performing RSA decryption using a privat...
CVE-2023-46809
CVE-2023-46809 affects Node.js runtimes that bundle an unpatched OpenSSL or use a dynamically linked OpenSSL version; exposed to the Marvin Attack when PKCS #1 v1.5 padding is allowed during RSA decryption with a private key. This is a timing/side-channel vulnerability affecting confidentiality a...
CVE-2023-39333
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, as if the WebAssembly module were a JavaScript module. This vulnerability...
CVE-2023-30583
CVE-2023-30583: In Node.js 20, the fs.openAsBlob() API can bypass the experimental permission model when the file system read restriction is enabled with --allow-fs-read, due to a missing check in fs.openAsBlob(). The description notes this as part of the experimental feature set. Remediation/fi...
CVE-2023-30587
CVE-2023-30587: Node.js 20 inspector-based bypass allows an attacker to modify the Worker’s isInternal value when an inspector attaches inside the Worker constructor before initializing WorkerImpl, bypassing the experimental permission model. Affected: Node.js users using the permission model mec...
CVE-2023-30583
fs.openAsBlob can bypass the experimental permission model when using the file system read restriction with the --allow-fs-read flag in Node.js 20. This flaw arises from a missing check in the fs.openAsBlob API. Please note that at the time this CVE was issued, the permission model is an...
CVE-2023-30587
A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module node:inspector. By exploiting the Worker class's ability to create an "internal worker" with the kIsInternal Symbol, attackers can modify the...
RHEL 8 : kernel (RHSA-2024:4731)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4731 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: GSM multiplexing race conditio...
CVE-2023-7012
CVE-2023-7012 affects Google Chrome’s Permission Prompts due to insufficient data validation, potentially enabling a sandbox escape when a user runs a malicious app. Described for Chrome versions before 117.0.5938.62; exploitation requires user interaction and a malicious file. Astra Linux bullet...
CVE-2024-3176
CVE-2024-3176 affects Google Chrome with an out-of-bounds write in SwiftShader triggered by a crafted HTML page, enabling remote memory corruption. Chrome versions prior to 117.0.5938.62 are vulnerable; upgrade to 117.0.5938.62 or later to mitigate. Other connected sources corroborate the same Ch...
CVE-2023-7010
CVE-2023-7010 is a use-after-free vulnerability in WebRTC in Google Chrome, with impact described as potential heap corruption. The affected software is Google Chrome (WebRTC component); the concrete detail provided indicates exploitation could be remote via a crafted HTML page, and the vulnerabi...
CVE-2023-4860
CVE-2023-4860 affects Google Chrome (Skia) via an inappropriate Skia implementation in Chromium before 115.0.5790.98, allowing a remote attacker who has compromised the renderer process to potentially escape the sandbox by crafting an HTML page. The vulnerability is rooted in the Skia component a...
CVE-2024-3174
The CVE-2024-3174 entry describes an issue in Google Chrome/Chromium’s V8: an inappropriate implementation allowed remote attackers to potentially trigger object corruption via a crafted HTML page. Affected version set is before 119.0.6045.105 (Chromium), with High severity per NVD. The vulnerabi...
CVE-2024-3175
CVE-2024-3175 concerns insufficient data validation in the Chrome Extensions component, enabling privilege escalation via a crafted Chrome Extension. The primary documentation states vulnerable component as Extensions, with affected Chrome versions before 120.0.6099.62 (remediation: update to 120...
CVE-2024-3169
The CVE-2024-3169 issue affects Google Chrome (V8/Chromium) and is caused by a use-after-free in V8, leading to potential heap corruption via a crafted HTML page. Affected software includes Google Chrome with V8, prior to 121.0.6167.139. Impact is high: remote attacker could potentially exploit t...