Lucene search
K

195 matches found

Patchstack
Patchstack
added 2022/08/29 12:0 a.m.21 views

WordPress WP Users Exporter plugin <= 1.4.2 - CSV Injection vulnerability

CSV Injection vulnerability discovered by Zhouyuan Yang in WordPress WP Users Exporter plugin versions = 1.4.2. Solution Deactivate and delete. This plugin has been closed as of January 8, 2020 and is not available for download. Reason: Security Issue...

8.8CVSS2.9AI score0.01116EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2022/08/29 12:0 a.m.19 views

WordPress Beaver Builder plugin <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Image URL

Authenticated Stored Cross-Site Scripting XSS vulnerability via Image URL discovered by Zhouyuan Yang in WordPress Beaver Builder plugin versions = 2.5.5.2. Solution Update the WordPress Beaver Builder plugin to the latest available version at least 2.5.5.3...

6.4CVSS2.5AI score0.00457EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2022/08/29 12:0 a.m.31 views

WordPress Beaver Builder plugin <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Text Editor

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Zhouyuan Yang in WordPress Beaver Builder plugin versions = 2.5.5.2. Solution Update the WordPress Beaver Builder plugin to the latest available version at least 2.5.5.3...

6.4CVSS2.6AI score0.00457EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2022/08/29 12:0 a.m.34 views

WordPress Visual Composer Website Builder plugin <= 45.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Title

Authenticated Stored Cross-Site Scripting XSS vulnerability via Title discovered by Zhouyuan Yang in WordPress Visual Composer Website Builder plugin versions = 45.0. Solution Update the WordPress Visual Composer Website Builder plugin to the latest available version at least 45.0.1...

6.4CVSS2.7AI score0.00508EPSS
Exploits1References1Affected Software1
Ubuntu
Ubuntu
added 2022/02/28 1:3 p.m.163 views

USN-5307-1: QEMU vulnerabilities

Gaoning Pan discovered that QEMU incorrectly handled the floppy disk emulator. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2021-20196 Gaoning Pan discovered that the QEMU vmxnet3 NIC emulator incorrectly handled certain values. A...

8.5CVSS7.3AI score0.02904EPSS
Exploits3
Apple
Apple
added 2022/01/26 12:0 a.m.112 views

About the security content of Security Update 2022-001 Catalina

About the security content of Security Update 2022-001 Catalina This document describes the security content of Security Update 2022-001 Catalina. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has...

9.3CVSS8.3AI score0.01688EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/09/20 12:0 a.m.8 views

The vulnerability of the read_yin_container() function in the syntax analyzer and data modeling tool of the YANG Libyang language lies in its unvalidated return value. This allows attackers to trigger a service failure.

The vulnerability of the readyincontainer function in the syntax analyzer and data modeling tool of the YANG Libyang language is related to the lack of checking for NULL values in retval-extr. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.5CVSS7.2AI score0.01555EPSS
Exploits1References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/09/20 12:0 a.m.7 views

The vulnerability of the lyxml_parse_mem() function in the syntax analyzer and data modeling tool YANG Libyang, related to an uncontrolled recursion, allows attackers to cause service failures.

The vulnerability of the lyxmlparsemem function, a syntax analyzer and tool for data modeling in the YANG Libyang language, is related to an uncontrolled recursion in the lyxmlparseelem function. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.5CVSS7.2AI score0.02425EPSS
Exploits1References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/09/20 12:0 a.m.7 views

The vulnerability of the ext_get_plugin() function in the syntax analyzer and data modeling tool of YANG Libyang, related to an unvalidated return value, allows a malicious actor to trigger a service failure.

The vulnerability of the extgetplugin function in the syntax analyzer and data modeling tool of the YANG Libyang language is related to the lack of checking for a NULL revision. Exploiting this vulnerability could allow an attacker to cause service failures...

7.5CVSS7.2AI score0.01407EPSS
Exploits1References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/09/20 12:0 a.m.11 views

The vulnerability of the lys_node_free() function in the syntax analyzer and modeling tool of the YANG Libyang language, related to the insufficient use of the assert() function, allows attackers to trigger a service failure.

The vulnerability of the lysnodefree function in the syntax analyzer and modeling tool of the YANG Libyang language is related to the insufficient use of the assert function. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.5CVSS7.2AI score0.01423EPSS
Exploits1References4Affected Software2
Packet Storm
Packet Storm
added 2021/07/28 12:0 a.m.232 views

eGain Chat 15.5.5 Cross Site Scripting

Exploit Title: eGain Chat 15.5.5 Cross-Site Scripting Vendor Homepage: https://www.egain.com/ Software Link: https://www.egain.com/chat-software/ Exploit Authors: Brandon Ming Yang Ho https://www.linkedin.com/in/minhobrandon/, Hassy Vinod Eshan https://www.linkedin.com/in/hassy-vinod/ CVE:...

6.4AI score0.00912EPSS
Exploits3
Gentoo Linux
Gentoo Linux
added 2021/07/24 12:0 a.m.103 views

libyang: Multiple vulnerabilities

Background YANG data modeling language library. Description Multiple vulnerabilities have been discovered in libyang. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...

7.5CVSS2.7AI score0.02425EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2021/05/24 3:13 p.m.30 views

CVE-2021-28904

A flaw was found in libyang. A NULL pointer dereference in extgetplugin function allows a remote attacker to crash an application that uses libyang with user-controlled YANG data. The highest threat from this vulnerability is the service availability...

7.5CVSS2.9AI score0.01407EPSS
Exploits1References3
CNVD
CNVD
added 2021/05/24 12:0 a.m.6 views

Unspecified vulnerability in libyang (CNVD-2021-37200)

libyang is a YANG data modeling language parser and toolkit written in C. It can be used as a toolkit for data modeling. A security vulnerability exists in libyang v1.0.225 and earlier versions, which stems from the readyincontainer function not checking if the value of retval-extr is NULL. no...

7.5CVSS6.6AI score0.01555EPSS
Exploits1References1
CNVD
CNVD
added 2021/05/24 12:0 a.m.12 views

Libyang has an unspecified vulnerability

libyang is a YANG data modeling language parser and toolkit written in C. It can be used as a toolkit for data modeling. A security vulnerability exists in libyang version 1.0.225 and earlier versions, which originates in lysnodefree, which does not check if the value of revision is NULL. no...

7.5CVSS6.7AI score0.01423EPSS
Exploits1References1
CNVD
CNVD
added 2021/05/21 12:0 a.m.12 views

Libyang Stack Overflow Vulnerability

libyang is a YANG data modeling language parser and toolkit written in C. It can be used as a toolkit for data modeling. A security vulnerability exists in libyang version 1.0.225 and earlier versions, which stems from a stack overflow that could lead to a denial of service via the function lysml...

7.5CVSS6.9AI score0.02425EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2021/05/18 3:4 p.m.3 views

libyang: heap-based buffer over-read in function lys_type_free() due to malformed pattern

A heap-based buffer over-read flaw occurs in libyang in function lystypefree due to a malformed pattern statement value. Applications that use libyang to process untrusted input yang files may be vulnerable to this flaw, possibly causing a crash or information leaks...

6.5CVSS6.7AI score0.01914EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/05/18 3:4 p.m.4 views

libyang: double-free in yyparse() when a type statement is used in a notification statement

A double-free flaw occurs in libyang in function yyparse when a type statement is used in a notification statement. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution...

8.8CVSS7.3AI score0.0279EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/05/18 3:4 p.m.6 views

libyang: invalid memory access in resolve_feature_value() when a if-feature is used inside a bit

An invalid memory access flaw occurs in libyang in the function resolvefeaturevalue when an if-feature statement is used inside a bit. Applications that use libyang to process untrusted input YANG files may crash...

6.5CVSS6.6AI score0.01859EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/05/18 3:4 p.m.3 views

libyang: NULL pointer dereference in function lys_extension_instances_free()

A NULL pointer dereference flaw occurs in libyang in the function lysextensioninstancesfree due to a copy of unresolved extensions in lysrestrdup. Applications that use libyang to process untrusted input YANG files may crash...

6.5CVSS6.6AI score0.01818EPSS
Exploits1References4
Rows per page
Query Builder