1378 matches found

Debian CVE
added 2025/04/03 3:11 p.m., 18 views

CVE-2024-4877

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges...

CVSS 8.8 | AI score 5.3 | EPSS 0.0041
Exploits 0
CVE
added 2025/03/21 4:2 p.m., 88 views

CVE-2019-16151

Fortinet FortiOS 6.4.1 and below and FortiOS 6.2.9 and below are affected by an improper neutralization of input during web page generation (CWE-79). A remote unauthenticated attacker can exploit a crafted Host header to redirect users to malicious sites or to execute JavaScript in the victim’s b...

CVSS 6.1 | AI score 5.1 | EPSS 0.00331
Exploits 0 | References 1 | Affected Software 1
CVE
added 2025/03/20 10:11 a.m., 4344 views

CVE-2024-4990

CVE-2024-4990 (Yii2

CVSS 9.1 | AI score 8.1 | EPSS 0.85124
In wild | Exploits 1 | References 1 | Affected Software 1
CVE
added 2025/03/17 1:5 p.m., 70 views

CVE-2021-22126

CVE-2021-22126 relates to Fortinet FortiWLC and is a hard-coded password vulnerability. A local, authenticated attacker could connect to the managed APs (Meru AP and FortiAP-U) as root using the default hard-coded username and password. Affected FortiWLC versions are 8.5.2 and below, 8.4.8 and be...

CVSS 6.7 | AI score 6.5 | EPSS 0.00146
Exploits 0 | References 1 | Affected Software 1
CVE
added 2025/03/17 1:5 p.m., 87 views

CVE-2021-32584

CVE-2021-32584 describes an improper access control (CWE-284) in Fortinet FortiWLC across multiple versions (e.g., 8.6.0, 8.5.3 and below, 8.4.8 and below, 8.3.3 and below, 8.2.7 to 8.2.4, 8.1.3). An unauthenticated, remote attacker could access certain areas of the web management CGI by specifyi...

CVSS 5.3 | AI score 5.4 | EPSS 0.00569
Exploits 0 | References 1 | Affected Software 1
CVE
added 2025/03/17 1:5 p.m., 59 views

CVE-2021-26087

The CVE-2021-26087 entry documents a stored Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC web interfaces. Affected FortiWLC releases include 8.6.0, 8.5.3 and earlier, 8.4.8 and earlier, and 8.3.3. Root cause is improper neutralization of input during web page generation, enabling ...

CVSS 6.1 | AI score 4.5 | EPSS 0.00291
Exploits 0 | References 1 | Affected Software 1
CVE
added 2025/02/12 10:10 p.m., 336 views

CVE-2022-31631

CVE-2022-31631 affects PHP versions where PDO::quote() on SQLite can misquote long input, enabling potential SQL injection. Affected: PHP 8.0.x before 8.0.27, 8.1.x before 8.1.15, and 8.2.x before 8.2.2. The issue stems from incorrect quoting in the SQLite path, as documented in multiple advisori...

CVSS 9.1 | AI score 8.3 | EPSS 0.02154
Exploits 0 | References 2 | Affected Software 1
Debian CVE
added 2025/02/12 10:10 p.m., 110 views

CVE-2022-31631

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...

CVSS 9.1 | AI score 7.6 | EPSS 0.02154
Exploits 0
AlpineLinux
added 2025/02/12 10:10 p.m., 70 views

CVE-2022-31631

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...

CVSS 9.1 | AI score 8.6 | EPSS 0.02154
Exploits 0
ATTACKERKB
added 2025/02/11 12:0 a.m., 443 views

CVE-2022-3180

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts. Recent assessments: Assessed Attacker Value: 0; Assessed Attacker Value: 0; Assessed Attacker...

CVSS 9.8 | AI score 9.6 | EPSS 0.08841
In wild | Exploits 2 | References 3
CVE
added 2025/02/07 5:6 p.m., 90 views

CVE-2022-26388

CVE-2022-26388 affects Hillrom Welch Allyn ELI resting electrocardiographs: ELI 380 (versions ≤ 2.6.0), ELI 280/BUR280/MLBUR 280 (≤ 2.3.1), ELI 250c/BUR 250c (≤ 2.1.2), and ELI 150c/BUR 150c/MLBUR 150c (≤ 2.2.0). Root cause is a hard-coded password used for inbound authentication or outbound comm...

CVSS 6.4 | AI score 6.7 | EPSS 0.00259
Exploits 0 | References 2
CVE
added 2025/02/05 12:21 p.m., 110 views

CVE-2024-2878

Summary (CVE-2024-2878) : A DoS vulnerability in GitLab CE/EE affects all versions from 15.7 up to 16.9.7, 16.10 up to 16.10.5, and 16.11 up to 16.11.2. An attacker could cause service disruption by crafting unusual branch-name search terms. Impact: availability loss as described in the sources. ...

CVSS 7.5 | AI score 6.5 | EPSS 0.17649
Exploits 0 | References 3 | Affected Software 1
CVE
added 2025/02/05 12:2 p.m., 87 views

CVE-2024-3976

CVE-2024-3976 affects GitLab CE/EE, with an issue that allowed disclosure of the title and description of confidential issues from public projects to unauthorized users via the UI. Impacted versions are: 14.0–16.9.7, 16.10–16.10.5, and 16.11–16.11.2. The root cause is described as missing/incorre...

CVSS 6.5 | AI score 6.5 | EPSS 0.00464
Exploits 0 | References 3 | Affected Software 1
CVE
added 2025/02/05 9:46 a.m., 207 views

CVE-2024-1539

GitLab EE/CE vulnerability CVE-2024-1539 affects GitLab versions: 15.2 up to 16.9.7 (excluding 16.9.7), 16.10 up to 16.10.5 (excluding 16.10.5), and 16.11 up to 16.11.2 (excluding 16.11.2). The issue allows a banned group member to receive issue updates via the API. Root cause and explicit exploi...

CVSS 5.3 | AI score 6.5 | EPSS 0.00321
Exploits 0 | References 2 | Affected Software 1
CVE
added 2025/02/05 9:31 a.m., 81 views

CVE-2023-6386

GitLab CE/EE is affected by CVE-2023-6386. A denial-of-service arises from allocation of resources without limits/throttling, impacting all versions 15.11 up to but not including 16.6.7, 16.7 up to but not including 16.7.5, and 16.8 up to but not including 16.8.2. Remediation is to upgrade to fix...

CVSS 7.5 | AI score 6.5 | EPSS 0.00492
Exploits 0 | References 2 | Affected Software 1
CVE
added 2025/01/31 1:35 a.m., 315 views

CVE-2022-1736

CVE-2022-1736 affects Ubuntu systems where the gnome-control-center configuration allowed Remote Desktop Sharing to be enabled by default. The root cause is the gnome-control-center setup permitting RDP sharing to be active upon login, resulting in potential unauthorized remote access with high i...

CVSS 9.8 | AI score 6.3 | EPSS 0.00705
Exploits 0 | References 3 | Affected Software 1
Debian CVE
added 2025/01/31 1:35 a.m., 91 views

CVE-2022-1736

Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default...

CVSS 9.8 | AI score 8.4 | EPSS 0.00705
Exploits 0
CVE
added 2025/01/31 1:18 a.m., 96 views

CVE-2020-11936

CVE-2020-11936 affects the Ubuntu Apport component. The issue is a gdbus setgid privilege escalation caused by Apport dropping privileges incorrectly when making certain D-Bus calls, enabling a local attacker to read arbitrary files and potentially escalate privileges. The Ubuntu advisory USN-444...

CVSS 3.1 | AI score 5.4 | EPSS 0.00328
Exploits 1 | References 2 | Affected Software 1
CVE
added 2025/01/30 11:45 p.m., 231 views

CVE-2023-6195

CVE-2023-6195 is a GitLab SSRF issue in GitLab CE/EE affecting all versions from 15.5 before 16.9.7, 16.10 before 16.10.5, and 16.11 before 16.11.2. The root cause is a Server-Side Request Forgery triggered when an attacker supplies a malicious URL in the markdown image value during GitHub reposi...

CVSS 4.3 | AI score 3.5 | EPSS 0.00294
Exploits 1 | References 2 | Affected Software 1
CVE
added 2025/01/29 10:0 a.m., 83 views

CVE-2021-3978

CVE-2021-3978 affects Cloudflare CFRPKI’s octorpki. The root cause is that copying files with rsync uses the “-a” flag 0, causing binaries with the SUID bit to be copied as root. The service definition defaults to root, creating a potential local privilege escalation vector if a malicious TAL fil...

CVSS 7.5 | AI score 7.4 | EPSS 0.00136
Exploits 0 | References 1 | Affected Software 1