Apache Spark < 3.4.0 Privilege Escalation (CVE-2023-22946)

In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...

CVE-2023-43713

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability, which allows attackers to inject JS via the "title" parameter, in the "/admin/admin-menu/add-submit" endpoint, which can lead to unauthorized execution of scripts in a user's web browser...

Kernel: smsusb: use-after-free caused by do_submit_urb()

...

CVE-2022-46484

Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys...

CVE-2022-46484

Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys...

WordPress WP Front User Submit / Front Editor Plugin < 4.0.4 is vulnerable to Cross Site Scripting (XSS)

Software WP Front User Submit / Front Editor Type Plugin Vulnerable versions 4.0.4 Fixed in 4.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1982 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f5fb2f3572ae Credits Vikas...

The vulnerability of the submit_lookup_cmds() function in Linux operating systems allows a hacker to cause a service failure.

The vulnerability of the submitlookupcmds function in Linux operating systems is related to pointer arithmetic errors. Exploiting this vulnerability could allow an attacker to cause a service failure...

Palo Alto Networks PAN-OS 安全漏洞

Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. A security vulnerability exists in Palo Alto Networks PAN-OS that originates from an authenticated administrator having the right to submit a specially created configuration to read local files and...

Null pointer dereference in submit_lookup_cmds() in drivers/gpu/drm/msm/msm_gem_submit.c

...

Cross site request forgery (csrf)

The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. This is due to missing or incorrect nonce validation on the submitcomment function. This makes it possible for unauthenticated attackers to submit comments via a forged reque...

CVE-2023-3355

A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msmgemsubmit.c code in the submitlookupcmds function, which fails because it lacks a check of the return value of kmalloc. This issue allows a local user to crash the system...

AZL-27366 CVE-2023-3355 affecting package kernel for versions less than 5.15.118.1-2

A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msmgemsubmit.c code in the submitlookupcmds function, which fails because it lacks a check of the return value of kmalloc. This issue allows a local user to crash the system...

UBUNTU-CVE-2023-3355

A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msmgemsubmit.c code in the submitlookupcmds function, which fails because it lacks a check of the return value of kmalloc. This issue allows a local user to crash the system...

SUSE CVE-2023-3355

A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msmgemsubmit.c code in the submitlookupcmds function, which fails because it lacks a check of the return value of kmalloc. This issue allows a local user to crash the system...

WordPress WP Front User Submit / Front Editor Plugin < 3.8.0 is vulnerable to Cross Site Scripting (XSS)

Software WP Front User Submit / Front Editor Type Plugin Vulnerable versions 3.8.0 Fixed in 3.8.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 8294b3556758 Credits Unknown Requir...

CVE-2023-28344

An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application allows unauthenticated attackers to view constantly updated screenshots of student desktops and to submit falsified screenshots on behalf of students. Attackers are able to view screenshots ...

Cross-site Scripting (XSS)

SSCMS is vulnerable to Cross-site Scripting XSS. The vulnerability exists because of the improper sanitization in the ajaxDivId argument in the Submit function of ActionsSearchController.Submit.cs, which allows an attacker to inject and execute malicious javascript through the...

Icegram Engage < 3.1.12 - Reflected XSS

The plugin does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below...

CVE-2023-2715

The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submitticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's...

CVE-2023-2715

The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submitticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's...