7877 matches found
PT-2022-24717 · Unknown · Power Management Service
Name of the Vulnerable Software and Affected Versions: Power management service affected versions not specified Description: The issue is related to a missing permission check in the power management service. This could allow setting up the power management service without needing additional...
CVE-2022-39097
CVE-2022-39097 concerns a missing permission check in the power management service. Root cause described as allowing setup with no additional execution privileges. CVSS v3.1 score 7.8 (HIGH) with LOCAL, LOW complexity, LOW privileges required; impacts on confidentiality, integrity, and availabili...
CVE-2022-39101
CVE-2022-39101 concerns a missing permission check in the power management service. The vulnerability allows a local attacker with low privileges to set up the power management service without additional execution privileges, potentially compromising confidentiality, integrity, and availability (...
PT-2022-26569 · Unknown · Power Management Service
Name of the Vulnerable Software and Affected Versions: Power management service affected versions not specified Description: The issue is related to a missing permission check in the power management service. This could allow setting up the power management service without needing additional...
UNISOC chipset 安全漏洞
The UNISOC chipset is an integrated circuit chipset from China's Unisplendour UNISOC. A security vulnerability exists in the UNISOC chipset that stems from a lack of privilege checking in the power management service, which could result in setting up the power management service without additiona...
PT-2024-11827 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel, specifically in the sja1105 setup devlink regions function. When dsa devlink region create fails, priv-regions is not...
CVE-2022-37325
In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash...
DEBIAN-CVE-2022-37325
In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash...
CVE-2022-37325
In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash...
ALPINE-CVE-2022-37325
In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash...
UBUNTU-CVE-2022-37325
In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash...
CVE-2022-3838
The WPUpper Share Buttons WordPress plugin through 3.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3909
The Add Comments WordPress plugin through 1.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The WP Page Builder WordPress plugin through 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The WPUpper Share Buttons WordPress plugin through 3.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3838 WPUpper Share Buttons <= 3.42 - Admin+ Stored XSS
The WPUpper Share Buttons WordPress plugin through 3.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3838 WPUpper Share Buttons <= 3.42 - Admin+ Stored XSS
The WPUpper Share Buttons WordPress plugin through 3.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3892 WP OAuth Server < 4.2.2 - Admin+ Stored XSS
The WP OAuth Server OAuth Authentication WordPress plugin before 4.2.2 does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3837 Uji Countdown < 2.3.1 - Admin+ Stored XSS
The Uji Countdown WordPress plugin before 2.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2022-24392 · WordPress · Uji Countdown
Name of the Vulnerable Software and Affected Versions: Uji Countdown WordPress plugin versions prior to 2.3.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in...