| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record. |
| Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario. |
| PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided path is a URL. By using specially crafted `php://filter` URLs an attacker can leak the contents of any file or URL. Note that this vulnerability is different from GHSA-w9xv-qf98-ccq4, and resides in a different component. An attacker can access any file on the server, or leak information form arbitrary URLs, potentially exposing sensitive information such as AWS IAM credentials. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. |
| Information disclosure while parsing the multiple MBSSID IEs from the beacon. |
| Memory corruption while redirecting log file to any file location with any file name. |
| Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host. |
| Transient DOS while parsing ESP IE from beacon/probe response frame. |
| Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0. |
| An issue in ILIFE com.ilife.home.global 1.8.7 allows a remote attacker to obtain sensitive information via the firmware update process. |
| File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end. |
| An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a specially constructed so file/opt/EdrawProj-2/plugins/imageformat. |
| Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server. |
| Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name. |
| Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting. |
| The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6. This makes it possible for authenticated attacker, with minimal permission, such as a subscriber, to perform a variety of actions such as modifying settings and viewing sensitive data. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7. |
| The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites. |
| The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute various actions and perform a wide variety of actions such as modifying rules and saving configurations. |
| The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new filters and injecting malicious javascript into a vulnerable site. This was actively exploited at the time of discovery. |
| PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HTML writer with `$writer->setEmbedImages(true);` those files will be included in the output as `data:` URLs, regardless of the file's type. Also URLs can be used for embedding, resulting in a Server-Side Request Forgery vulnerability. When embedding images has been enabled, an attacker can read arbitrary files on the server and perform arbitrary HTTP GET requests. Note that any PHP protocol wrappers can be used, meaning that if for example the `expect://` wrapper is enabled, also remote code execution is possible. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. there are no known workarounds for this vulnerability. |
