711 matches found
Croc Security Breach
croc is a tool from the individual developers at Zack that allows any two computers to simply and securely transfer files and folders. A security vulnerability exists in Croc version 9.6.5 and earlier versions, which originates from a sender being able to place an ANSI or CSI escape sequence in a...
croc path traversal vulnerability
croc is a tool from the individual developers at Zack that allows any two computers to simply and securely transfer files and folders. A path traversal vulnerability exists in Croc version 9.6.5 and prior versions, which originates from a sender that can cause the receiver to overwrite files duri...
PT-2023-6289 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.5.4 Description: The issue is related to a use-after-free error in the ext4 file system driver of the Linux kernel, specifically in the fs/ext4/extents status.c file, related to the ext4 es insert extent...
CVE-2023-2982
The WordPress Social Login and Register Discord, Google, Twitter, LinkedIn plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes...
CVE-2023-27629
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Paul Ryley Site Reviews plugin = 6.5.1 versions...
CVE-2023-3218
Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5...
PT-2023-24577 · Unknown · Ciprian Popescu Youtube Playlist Player
Name of the Vulnerable Software and Affected Versions: Ciprian Popescu YouTube Playlist Player plugin versions prior to 4.6.5 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This means an attacker could potentially trick a user into performing unintended...
PT-2023-4689
Name of the Vulnerable Software and Affected Versions Qt versions prior to 5.15.14 Qt versions 6.0.x through 6.2.x before 6.2.9 Qt versions 6.3.x through 6.5.x before 6.5.1 Description The issue is related to the QtSvg QSvgFont function in the Qt framework, which can be exploited to bypass...
PT-2023-17411
Name of the Vulnerable Software and Affected Versions Shopware 6 versions 6.4.20.0 through 6.4.20.0 Shopware 6 versions 6.5.0.0-rc1 through 6.5.0.0-rc4 Description The issue allows remote attackers with access to a Twig environment without the Sandbox extension to bypass validation checks and...
PowerDNS Recursor 安全漏洞
PowerDNS Recursor pdnsrecursor is a domain name resolution server from the Dutch company PowerDNS. A security vulnerability exists in PowerDNS Recursor. An attacker has exploited the vulnerability to cause a denial of service on the system. The following versions are affected: 4.6.5 and earlier,...
SUSE CVE-2023-26437
Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3...
CVE-2023-22253
Experience Manager versions 6.5.15.0 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
SUSE CVE-2007-3207
Buffer overflow in the NFS mount daemon XNFS.NLM in Novell NetWare 6.5 SP6, and probably earlier, allows remote attackers to cause a denial of service abend via a long path in a mount request...
SUSE CVE-2012-4166
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4165. Reason: This candidate is a duplicate of CVE-2012-4165. Notes: All CVE users should reference CVE-2012-4165 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage...
SUSE CVE-2018-1000845
DO NOT USE THIS CANDIDATE NUMBER. ConsultID: CVE-2017-6519. Reason: This candidate is a duplicate of CVE-2017-6519. Notes: All CVE users should reference CVE-2017-6519 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2022-44470
Adobe Experience Manager version 6.5.14 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2022-44471
Adobe Experience Manager version 6.5.14 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2022-42367
Adobe Experience Manager version 6.5.14 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
PT-2022-6000 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.14 and earlier Description: The issue exists due to inadequate protection of the web page structure in Adobe Experience Manager, allowing a remote attacker to perform cross-site scripting attacks using a...
PT-2022-27313 · Interspire · Interspire Email Marketer
Name of the Vulnerable Software and Affected Versions: Interspire Email Marketer versions 6.5.1 and earlier Description: The issue allows SQL Injection via the surveys module. An unauthenticated attacker could successfully perform an attack to extract potentially sensitive information from the...