139 matches found
CVE-2024-49504
CVE-2024-49504 is referenced in multiple security advisories for grub2 (GRUB2) across EulerOS and Tencent/TencentOS Server ecosystems. The linked Nessus/OPENVAS entries identify that “grub2 allowed attackers with access to the grub shell to access files on the encrypted disks,” indicating a vulne...
CVE-2024-43781
A vulnerability has been identified in SINUMERIK 828D V4 All versions V4.95 SP3, SINUMERIK 840D sl V4 All versions V4.95 SP3 in connection with using Create MyConfig CMC = V4.8 SP1 HF6, SINUMERIK ONE All versions V6.23 in connection with using Create MyConfig CMC = V6.6, SINUMERIK ONE All version...
CVE-2023-50810
In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allow persistent arbitrary code execution with Linux kernel privileges. A failure to correctly handle the return value of the setenv command can be used...
CVE-2023-50810
In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allow persistent arbitrary code execution with Linux kernel privileges. A failure to correctly handle the return value of the setenv command can be used...
CVE-2024-37219 WordPress Page Builder Sandwich plugin <= 5.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PBN Hosting SL Page Builder Sandwich – Front-End Page Builder allows Stored XSS.This issue affects Page Builder Sandwich – Front-End Page Builder: from n/a through 5.1.0...
CVE-2024-37219
CVE-2024-37219 refers to a stored XSS in Page Builder Sandwich – Front-End Page Builder for WordPress, affecting versions n/a through 5.1.0. Root cause: improper neutralization of input during web page generation. Impact stated as Stored XSS; exploitation details are not provided in the sources. ...
CVE-2024-37219 WordPress Page Builder Sandwich plugin <= 5.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PBN Hosting SL Page Builder Sandwich – Front-End Page Builder allows Stored XSS.This issue affects Page Builder Sandwich – Front-End Page Builder: from n/a through 5.1.0...
PT-2024-40727 · Hdf5 · Hdf5
Name of the Vulnerable Software and Affected Versions: HDF5 affected versions not specified Description: A crash issue has been identified, characterized as an UNKNOWN READ. The crash state involves functions such as H5SL release common, H5SL close common, and H5SL destroy. Recommendations: At th...
sl-gakkou.com Cross Site Scripting vulnerability OBB-3922104
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-24707 WordPress Cwicly plugin <= 1.4.0.2 - Auth. Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Cwicly Builder, SL. Cwicly allows Code Injection.This issue affects Cwicly: from n/a through 1.4.0.2...
kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sltxtimeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information...
kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sltxtimeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information...
CVE-2023-51946
Multiple reflected cross-site scripting XSS vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML...
CVE-2023-51946
Multiple reflected cross-site scripting XSS vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML...
CVE-2023-51947
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication...
Improper access control
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication...
CVE-2023-51948
A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application...
CVE-2023-51946
CVE-2023-51946 concerns actidata actiNAS-SL-2U-8 (version 3.2.03-SP1). Multiple reflected XSS vulnerabilities exist in nasSvr.php, enabling remote attackers to inject arbitrary web script or HTML. Connected sources (Red Hat, NVD, CNNVD, CVE listing) confirm the vulnerability description but do no...
CVE-2023-51947
The CVE-2023-51947 issue affects actidata actiNAS SL 2U-8 RDX (firmware 3.2.03-SP1). It stems from improper access control in nasSvr.php, enabling remote attackers to read and modify data without authentication. According to sources, the vulnerability is critical (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:...
CVE-2023-51947
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication...