28 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-2758
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.40, prior to...
CVE-2024-9585
The Image Map Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saveproject' function with an arbitrary shortcode in versions up to, and including, 6.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
MongoDB Server 访问控制错误漏洞
MongoDB Server is a set of open source NoSQL databases from the American company MongoDB. The database provides collection-oriented storage, dynamic querying, data replication and automatic failover. A security vulnerability exists in MongoDB Server that stems from the possibility that an...
CVE-2024-9585
The Image Map Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saveproject' function with an arbitrary shortcode in versions up to, and including, 6.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
WordPress plugin Image Map Pro 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Image Map Pro Plugin <= 6.0.20 is vulnerable to Cross Site Scripting (XSS)
Software Image Map Pro Type Plugin Vulnerable versions = 6.0.20 Fixed in 6.0.21 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9585 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a95cd9692952 Credits István Márton Required...
BIT-VALKEY-2022-24834 Heap overflow issue with the Lua cjson library used by Redis
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...
UBUNTU-CVE-2024-38535
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6...
BIT-REDIS-2022-24834 Heap overflow issue with the Lua cjson library used by Redis
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...
Redis < 6.0.20, 6.2.x < 6.2.13, 7.x < 7.0.12 Heap Overflow Vulnerability
Redis is prone to a heap overflow vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:redis:redis"; if description...
.NET Core Multiple Vulnerabilities (KB5028705, KB5028706) - Windows
.NET Core prone to security feature bypass and elevation of privilege vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution RCE. A vulnerability exists in .NET applications where the diagnostic server can be exploited to achieve cross-session/cross-user elevation of privilege EoP and code execution. Remediation Upgrade...
SUSE CVE-2020-2907
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracl...
CVE-2022-44938
Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account takeover via a brute force attack...
PT-2022-27339 · Seeddms · Seeddms
Name of the Vulnerable Software and Affected Versions: SeedDMS versions 5.1.7 through 6.0.20 Description: The issue is related to weak reset token generation, allowing attackers to execute a full account takeover via a brute force attack. Recommendations: For SeedDMS version 5.1.7, update to a...
CVE-2021-44057
An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station...
UBUNTU-CVE-2020-2575
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracl...
Oracle Unauthorized Read Vulnerability
Oracle Virtualization is a set of virtualization solutions from Oracle Corporation. The product is used to unify the management of the entire hardware and software system from applications to disks, enabling virtualization from the desktop to the data center.VM VirtualBox is one of the virtual...
Unspecified Vulnerability in Oracle Virtualization VM VirtualBox (CNVD-2020-24424)
Oracle Virtualization is a set of virtualization solutions from Oracle Corporation. The product is used to unify the management of the entire hardware and software system from applications to disks, enabling virtualization from the desktop to the data center.VM VirtualBox is one of the virtual...
Unspecified Vulnerability in Oracle Virtualization VM VirtualBox (CNVD-2020-24427)
Oracle Virtualization is a set of virtualization solutions from Oracle Corporation. The product is used to unify the management of the entire hardware and software system from applications to disks, enabling virtualization from the desktop to the data center.VM VirtualBox is one of the virtual...