| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes this fd is closed, which then puts a reference to that file, leading to a refcount underflow. |
| Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to the host by provisioning a privileged container. Fixed in MicroK8s 1.15.3. |
| Clara Genomics Analysis before 0.2.0 has an integer overflow for cudapoa memory management in allocate_block.cpp. |
| libZetta.rs through 0.1.2 has an integer overflow in the zpool parser (for error stats) that leads to a panic. |
| ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large rxpacket. |
| FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c. |
| Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array overflow if there are many SRT connections. |
| Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc. |
| WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name. |
| The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF. |
| The formidable plugin before 4.02.01 for WordPress has unsafe deserialization. |
| The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete. |
| The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS. |
| The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS. |
| The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file. |
| The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. |
| The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. |
| The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. |
| The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. |
| The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. |
