
7891 matches found

Packet Storm
added 2024/06/11 12:0 a.m. · 606 views

Oracle Database Password Hash Unauthorized Access

Title: CVE-2020-2969 – Unauthorized Access to Password Hashes by Account with DBA role Product: Database Manufacturer: Oracle Affected Versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c Tested Versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c Risk Level: Medium Solution Status: Fixed CVE Reference:...

CVSS 6.6 · AI score 7 · EPSS 0.02031
Exploits: 1

GithubExploit
added 2024/06/10 6:12 a.m. · 536 views

Exploit for Improper Authentication in Veeam Veeam_Backup_&_Replication

CVE-2024-29849 Veeam Backup Enterprise Manager Authentication...

CVSS 9.8 · AI score 9.4 · EPSS 0.16673
Exploits: 1

GithubExploit
added 2024/06/09 2:49 a.m. · 356 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Exploiting-CVE-2021-44228-Log4Shell-in-a-Banking-Environment O...

CVSS 10 · AI score 10 · EPSS 0.99999
Exploits: 347

OSV
added 2024/06/08 1:15 p.m. · 3 views

UBUNTU-CVE-2024-36969

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a state...

CVSS 5.5 · AI score 6.1 · EPSS 0.00213
Exploits: 0 · References: 21

OSV
added 2024/06/07 6:15 a.m. · 2 views

CVE-2024-4621

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example ...

CVSS 4.8 · AI score 5.8 · EPSS 0.00351
Exploits: 2 · References: 1

NVD
added 2024/06/07 6:15 a.m. · 19 views

CVE-2024-4756

The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 5.4 · EPSS 0.00333
Exploits: 2 · References: 1

Cvelist
added 2024/06/07 6:0 a.m. · 23 views

CVE-2024-4756 WP Backpack <= 2.1 - Admin+ Stored XSS

The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

EPSS 0.00333
Exploits: 2 · References: 1

Positive Technologies
added 2024/06/07 12:0 a.m. · 5 views

PT-2024-4355 · NetGear · Netgear Wnr614 N300

Name of the Vulnerable Software and Affected Versions: Netgear WNR614 N300 version JNR1010V2/N300-V1.1.0.54 1.0.1 Description: The issue is related to the implementation of the WPS in the Netgear WNR614 N300 router, which allows attackers to gain access to the router's pin. This can enable a remo...

CVSS 8.2 · AI score 7.4 · EPSS 0.00287
Exploits: 1 · References: 8

OSV
added 2024/06/06 7:10 p.m. · 12 views

GHSA-7HRH-V6WP-53VW Evmos allows unvested token delegations

Impact What kind of vulnerability is it? Who is impacted? At the moment, users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via ClawbackVestingAccount. Patches Has the problem been patched? What versions should users upgrade...

CVSS 5.3 · AI score 5.2 · EPSS 0.00382
Exploits: 0 · References: 4

Citrix
added 2024/06/06 12:0 a.m. · 34 views

XenCenter 2024.2.0 - For Citrix Hypervisor and XenServer

Who Should Install This Update? This XenCenter update is for customers who use XenCenter as the management console for Citrix Hypervisor 8.2 CU1 and XenServer 8. This version of XenCenter supersedes any previous version of XenCenter. It constitutes the following deliverable: File Name|...

AI score 6.6
Exploits: 0

Github Security Blog
added 2024/06/05 6:26 p.m. · 13 views

Typo3 Arbitrary file upload and XML External Entity processing

It has been discovered that Flow 3.0.0 allows arbitrary file uploads, including server-side scripts, posing the risk of attacks. If those scripts are executed by the server when accessed through their public URL, anything not blocked through other means is possible information disclosure, placeme...

AI score 7.1
Exploits: 0 · References: 3 · Affected Software: 1

WPVulnDB
added 2024/06/05 12:0 a.m. · 11 views

Frontend Checklist <= 2.3.2 - Admin+ Stored XSS via Items

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup PoC 1. Add a checklist and for an item...

AI score 5.5 · EPSS 0.0033
Exploits: 2

Vulnrichment
added 2024/06/03 10:5 a.m. · 15 views

CVE-2024-21478 NULL Pointer Dereference in Graphics

transient DOS when setting up a fence callback to free a KGSL memory entry object during DMA...

CVSS 6.2 · AI score 6.9 · EPSS 0.00094
Exploits: 0 · References: 1

Positive Technologies
added 2024/06/03 12:0 a.m. · 4 views

PT-2024-18555 · Modem · Modem

Name of the Vulnerable Software and Affected Versions: Modem affected versions not specified Description: The issue is related to a possible information disclosure in the modem due to the use of a risky cryptographic algorithm during connection establishment negotiation. This could lead to remote...

CVSS 5.1 · AI score 6.9 · EPSS 0.00101
Exploits: 0 · References: 2

Tenable Nessus
added 2024/06/03 12:0 a.m. · 16 views

RHEL 5 : setup (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - setup: nologin listed in /etc/shells violates security expectations CVE-2018-1113 Note that Nessus has not tested f...

CVSS 5.3 · AI score 5.4 · EPSS 0.00315
Exploits: 0 · References: 1

Tenable Nessus
added 2024/06/03 12:0 a.m. · 15 views

RHEL 6 : setup (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - setup: nologin listed in /etc/shells violates security expectations CVE-2018-1113 Note that Nessus has not tested f...

CVSS 5.3 · AI score 7 · EPSS 0.00315
Exploits: 0 · References: 1

GithubExploit
added 2024/05/31 4:41 a.m. · 748 views

Exploit for SQL Injection in Bplugins Html5_Video_Player

CVE-2024-5522-Poc CVE-2024-5522 HTML5 Video Player = 2.5.2...

CVSS 6.5 · AI score 7.2 · EPSS 0.02639
Exploits: 6

WPVulnDB
added 2024/05/31 12:0 a.m. · 16 views

Google CSE <= 1.0.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup PoC 1. Go to...

AI score 5.4 · EPSS 0.00255
Exploits: 2

WPVulnDB
added 2024/05/31 12:0 a.m. · 16 views

Widget Bundle <= 2.0.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup PoC 1. Enable the "Text Form" widget...

AI score 5.4 · EPSS 0.00356
Exploits: 2

Cvelist
added 2024/05/30 3:29 p.m. · 23 views

CVE-2024-36926 powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE At the time of LPAR boot up, partition firmware provides Open Firmware property ibm,dma-window for the PE. This property is provided on the PCI bus the PE is...

AI score 6.3 · EPSS 0.00241
Exploits: 0 · References: 4