🚨 CVE-2022-0913
Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.
@cveNotify
🚨 CVE-2022-0928
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.
GitHub
upgrade taxes to laravel routers · microweber/microweber@fc9137c
🚨 CVE-2022-0870
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.
GitHub
security: fix SSRF in repository migration (#6812) · gogs/gogs@91f2cde
Co-authored-by: Joe Chen <jc@unknwon.io>
# Conflicts:
#	CHANGELOG.md
#	internal/route/repo/webhook.go
🚨 CVE-2022-0871
Improper Authorization in GitHub repository gogs/gogs prior to 0.12.5.
GitHub
security: fix improper PAM authorization handling (#6819) · gogs/gogs@64102be
Co-authored-by: Joe Chen <jc@unknwon.io>
# Conflicts:
#	CHANGELOG.md
#	internal/auth/pam/pam.go
🚨 CVE-2022-0860
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.
🚨 CVE-2022-26495
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.
sourceforge.net
Network Block Device - Browse /nbd at SourceForge.net
Tools for the Linux Kernel's network block device, allowing you to use remote block devices over a TCP/IP network.
Note that we have moved to…
🚨 CVE-2022-21819
NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components.
🚨 CVE-2022-26496
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with a large value as the length of the name.
sourceforge.net
Network Block Device - Browse /nbd at SourceForge.net
Tools for the Linux Kernel's network block device, allowing you to use remote block devices over a TCP/IP network.
Note that we have moved to…
🚨 CVE-2021-46704
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.
GitHub
Validate host arg passed to ping · genieacs/genieacs@7f295be
Fixes remote code execution vulnerability reported by Alex Hordijk.
🚨 CVE-2020-18327
Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2
🚨 CVE-2020-18324
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.
🚨 CVE-2020-18325
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Intelliants Subrion CMS v4.2.1 in the Configuration panel.
GitHub
GitHub - hamm0nz/CVE-2020-18325: Exploit PoC for CVE-2020-18325
🚨 CVE-2021-46382
Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to multiple attacks like session hijacking even clipboard hijacking.
🚨 CVE-2020-18326
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.
GitHub
GitHub - hamm0nz/CVE-2020-18326: Exploit PoC for CVE-2020-18326
🚨 CVE-2022-25623
The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations.
🚨 CVE-2021-32475
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.
🚨 CVE-2022-0002
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
Intel
INTEL-SA-00598
🚨 CVE-2022-0001
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
Intel
INTEL-SA-00598
🚨 CVE-2021-27414
An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials.
www.cisa.gov
Hitachi ABB Power Grids Ellipse EAM | CISA
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Hitachi ABB Power Grids Equipment: Ellipse EAM Vulnerabilities: Cross-site Scripting, User Interface Misrepresentation of Critical Information 2.