‼ CVE-2021-20316 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3800 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3839 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28882 ‼
📖 Read
via "National Vulnerability Database".
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2946 ‼
📖 Read
via "National Vulnerability Database".
Use After Free in GitHub repository vim/vim prior to 9.0.0245.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34658 ‼
📖 Read
via "National Vulnerability Database".
Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35235 ‼
📖 Read
via "National Vulnerability Database".
Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35726 ‼
📖 Read
via "National Vulnerability Database".
Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29476 ‼
📖 Read
via "National Vulnerability Database".
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 Degree Themes otification Bar for WordPress plugin <= 1.1.8 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36285 ‼
📖 Read
via "National Vulnerability Database".
Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3701 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate user in a place they did not expect. The highest threat from this vulnerability is to confidentiality and integrity.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3724 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36288 ‼
📖 Read
via "National Vulnerability Database".
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34648 ‼
📖 Read
via "National Vulnerability Database".
Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3670 ‼
📖 Read
via "National Vulnerability Database".
MaxQueryDuration not honoured in Samba AD DC LDAP📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3771 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36282 ‼
📖 Read
via "National Vulnerability Database".
Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy's Search Exclude plugin <= 1.2.6 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36347 ‼
📖 Read
via "National Vulnerability Database".
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alpine Press Alpine PhotoTile for Pinterest plugin <= 1.3.1 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36394 ‼
📖 Read
via "National Vulnerability Database".
Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-36292 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38663 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.📖 Read
via "National Vulnerability Database".