‼️CVE-2023-50333‼️
📖 Read more
Via "National Vulnerability Database"
Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-6693‼️
📖 Read more
Via "National Vulnerability Database"
A stack based buffer overflow was found in the virtionet device of QEMU. This issue occurs when flushing TX in the virtionetflushtx function if guest features VIRTIONETFHASHREPORT, VIRTIOFVERSION1 and VIRTIONETFMRGRXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the outsg variable could be used to read a part of process memory and send it to the wire, causing an information leak.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-6436‼️
📖 Read more
Via "National Vulnerability Database"
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ekol Informatics Website Template allows SQL Injection.This issue affects Website Template through 20231215. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2015-10128‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability was found in rtprettyphoto Plugin up to 1.2 on WordPress and classified as problematic. Affected by this issue is the function royalprettyphotopluginlinks of the file rtprettyphoto.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3 is able to address this issue. The patch is identified as 0d3d38cfa487481b66869e4212df1cefc281ecb7. It is recommended to upgrade the affected component. VDB249422 is the identifier assigned to this vulnerability.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2017-20188‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability has been found in Zimbra zmajax up to 8.8.1 and classified as problematic. Affected by this vulnerability is the function XFormItem.prototype.setError of the file WebRootjsajaxdwtxformsXFormItem.js. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 8.8.2 is able to address this issue. The identifier of the patch is 8d039d6efe80780adc40c6f670c06d21de272105. It is recommended to upgrade the affected component. The identifier VDB249421 was assigned to this vulnerability.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-0188‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. This affects an unknown part of the file changepasswordteacher.php. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB249501 was assigned to this vulnerability.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2018-25097‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability, which was classified as problematic, was found in Acumos Design Studio up to 2.0.7. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of the patch is 0df8a5e8722188744973168648e4c74c69ce67fd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB249420.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-4280‼️
📖 Read more
Via "National Vulnerability Database"
An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-0189‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file teachermessage.php of the component Create Message Handler. The manipulation of the argument Content with the input alertx leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB249502 is the identifier assigned to this vulnerability.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-0193‼️
📖 Read more
Via "National Vulnerability Database"
A useafterfree flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbagecollected when the pipapo set is removed, the element can be deactivated twice. This can cause a useafterfree issue on an NFTCHAIN object or NFTOBJECT object, allowing a local unprivileged user to escalate their privileges on the system.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2022-3010‼️
📖 Read more
Via "National Vulnerability Database"
The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-48419‼️
📖 Read more
Via "National Vulnerability Database"
An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-7192‼️
📖 Read more
Via "National Vulnerability Database"
A memory leak problem was found in ctnetlinkcreateconntrack in netnetfilternfconntracknetlink.c in the Linux Kernel. This issue may allow a local attacker with CAPNETADMIN privileges to cause a denial of service DoS attack due to a refcount overflow.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-0190‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file addquiz.php of the component Quiz Handler. The manipulation of the argument Quiz TitleQuiz Description with the input alertx leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB249503.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-49794‼️
📖 Read more
Via "National Vulnerability Database"
KernelSU is a Kernelbased root solution for Android devices. In versions 0.7.1 and prior, the logic of get apk path in KernelSU kernel module can be bypassed, which causes any malicious apk named me.weishu.kernelsu get root permission. If a KernelSU module installed device try to install any not checked apk which package name equal to the official KernelSU Manager, it can take over root privileges on the device. As of time of publication, a patched version is not available.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-50711‼️
📖 Read more
Via "National Vulnerability Database"
vmmsysutil is a collection of modules that provides helpers and utilities used by multiple rustvmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the FamStructWrapperdeserialize implementation provided by the crate for vmmsysutilfamFamStructWrapper can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array length. Mismatch in the lengths might allow out of bounds memory access through Rustsafe methods. The issue was corrected in version 0.12.0 by inserting a check that verifies the lengths of compared flexible arrays are equal for any deserialized header and aborting deserialization otherwise. Moreover, the API was changed so that header length can only be modified through Rustunsafe code. This ensures that users cannot trigger outofbounds memory access from Rustsafe code.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-51652‼️
📖 Read more
Via "National Vulnerability Database"
OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation crosssite scripting mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. This is patched in OWASP AntiSamy .NET 1.2.0 and later. See important remediation details in the reference given below. As a workaround, manually edit the AntiSamy policy file e.g., antisamy.xml by deleting the preserveComments directive or setting its value to false, if present. Also it would be useful to make AntiSamy remove the noscript tag by adding a line described in the GitHub Security Advisory to the tag definitions under the node, or deleting it entirely if present. As the previously mentioned policy settings are preconditions for the mXSS attack to work, changing them as recommended should be sufficient to protect you against this vulnerability when using a vulnerable version of this library. However, the existing bug would still be present in AntiSamy or its parser dependency HtmlAgilityPack. The safety of this workaround relies on configurations that may change in the future and don't address the root cause of the vulnerability. As such, it is strongly recommended to upgrade to a fixed version of AntiSamy.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-0191‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file adminuploads. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB249504.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-0192‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file downloadable.php of the component Add Downloadable. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB249505 was assigned to this vulnerability.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-45561‼️
📖 Read more
Via "National Vulnerability Database"
An issue in AWORLD OIRASE BEERwaiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-45892‼️
📖 Read more
Via "National Vulnerability Database"
An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information.📖 Read more
Via "National Vulnerability Database"