19 matches found
EUVD-2020-3461
Malware in sbrugna...
RedisBloom 2.6.12 Integer Overflow
There is an integer overflow vulnerability in RedisBloom version 2.6.12, which is a module used in Redis. The integer overflow vulnerability allows an attacker (a Redis client which knows the password) to allocate less memory in the heap than required due to wraparound. Then read and...
PT-2025-20608 · WordPress · Jeg Elementor Kit
Name of the Vulnerable Software and Affected Versions: Jeg Elementor Kit plugin for WordPress versions up to, and including, 2.6.12. Description: The issue is related to Stored Cross-Site Scripting via the plugin's Video Button and Countdown Widgets due to insufficient input sanitization and outpu...
UBUNTU-CVE-2024-21803
Use After Free vulnerability in the Linux kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.c. This issue affects Linux kernel: fr...
SUSE CVE-2017-0899
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences...
PT-2023-34919 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.303. Description: The issue concerns the handling of extension header length in rawv6_push_pending_frames. It was introduced in version v2.6.12 and fixed in version v4.14.303. The actual impact and attack...
GHSA-J5JH-HPR4-H332 Symfony Session Fixation Vulnerability
A session fixation vulnerability within the "Remember Me" login feature allows an attacker to impersonate the victim towards the web application if the session id value was previously known to the attacker. This issue has been fixed in Symfony 2.3.35, 2.6.12, and 2.7.7. Note that no fixes are...
CVE-2021-24793
The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Lenovo XClarity Administrator (LXCA) Vulnerability - Lenovo Support US
Lenovo Security Advisory: LEN-29942. Potential Impact: Information disclosure. Severity: High. Scope of Impact: Lenovo-specific. CVE Identifier: CVE-2019-19756. Summary Description: An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to...
IMAPFilter Trust Management Issues Vulnerability
IMAPFilter is an IMAP mail filtering utility. A trust management issue vulnerability exists in IMAPFilter 2.6.12 and earlier versions, which arises from the lack of an effective trust management mechanism in a networked system or product, and can be exploited by an attacker to attack affected...
CVE-2017-0901
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem...
Design/Logic Flaw
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences...
Command injection
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a query command...
CVE-2017-0900
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a query command...
RubyGems Denial of Service Vulnerability (CNVD-2017-30734)
RubyGems is a Ruby package manager from the RubyGems organization, which is used to distribute and manage Ruby packages. A security vulnerability exists in RubyGems 2.6.12 and earlier versions. An attacker can exploit this vulnerability to cause a denial of service...
UBUNTU-CVE-2017-0902
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls...
RubyGems vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem...
RubyGems DoS vulnerability in the query command
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a query command...
security flaw
The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and earlier does not properly perform certain time tests when the jiffies value is greater than LONG_MAX, which can cause ipt_recent netfilter rules to block too early, a different vulnerability than CVE-2005-2872...