| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Insertion of Sensitive Information Into Sent Data vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through <= 2.4.7. |
| Insertion of Sensitive Information Into Sent Data vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.9. |
| Insertion of Sensitive Information Into Sent Data vulnerability in tainacan Tainacan tainacan.This issue affects Tainacan: from n/a through <= 0.20.6. |
| An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation. |
| An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators. |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors. |
| An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor bypass prohibited branch checks using a specially crafted branch name to manipulate repository content in the UI. |
| Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote attackers to cause a denial of service (device reload) via a crafted authentication attempt, aka Bug ID CSCso69942. |
| Multiple unspecified vulnerabilities in HP Performance Insight 5.3 allow remote attackers to have an unknown impact, related to (1) a "Remote exploit" on Windows platforms, and (2) a "Remote preauthentication exploit" on the Windows Server 2003 SP2 platform, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. |
| A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability." |
| Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 allows local users to affect confidentiality via unknown vectors. |
| Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply. |
| Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2593. |
| Unspecified vulnerability in the TCP/IP support in Microsoft Windows Vista allows remote DHCP servers to cause a denial of service (hang and restart) via a crafted DHCP packet. |
| Multiple unspecified vulnerabilities in phpns before 2.1.1beta1 have unknown impact and attack vectors. |
| Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors. |
| Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions. |
| Unspecified vulnerability in the Upgrade component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. |
| Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors. |
| Unspecified vulnerability in the PeopleSoft Enterprise FMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1, 8.9 Bundle 33, and 9.0 Bundle 24 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. |
