| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Server-Side Request Forgery (SSRF) vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows Server Side Request Forgery.This issue affects URL Shortener: from n/a through <= 3.0.7. |
| Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Favicon personal-favicon allows Stored XSS.This issue affects Personal Favicon: from n/a through <= 2.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in dilemma123 Recent Posts Slider Responsive recent-posts-slider-responsive allows Stored XSS.This issue affects Recent Posts Slider Responsive: from n/a through <= 1.0.1. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Truman Contact Us page - Contact people LITE contact-us-page-contact-people allows SQL Injection.This issue affects Contact Us page - Contact people LITE: from n/a through <= 3.7.4. |
| In the Linux kernel, the following vulnerability has been resolved:
scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod
Since commit f7b705c238d1 ("scsi: pm80xx: Set phy_attached to zero when
device is gone") UBSAN reports:
UBSAN: array-index-out-of-bounds in drivers/scsi/pm8001/pm8001_sas.c:786:17
index 28 is out of range for type 'pm8001_phy [16]'
on rmmod when using an expander.
For a direct attached device, attached_phy contains the local phy id.
For a device behind an expander, attached_phy contains the remote phy
id, not the local phy id.
I.e. while pm8001_ha will have pm8001_ha->chip->n_phy local phys, for a
device behind an expander, attached_phy can be much larger than
pm8001_ha->chip->n_phy (depending on the amount of phys of the
expander).
E.g. on my system pm8001_ha has 8 phys with phy ids 0-7. One of the
ports has an expander connected. The expander has 31 phys with phy ids
0-30.
The pm8001_ha->phy array only contains the phys of the HBA. It does not
contain the phys of the expander. Thus, it is wrong to use attached_phy
to index the pm8001_ha->phy array for a device behind an expander.
Thus, we can only clear phy_attached for devices that are directly
attached. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac WP Wall wp-wall allows Reflected XSS.This issue affects WP Wall: from n/a through <= 1.7.3. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cybio Gallery Widget gallery-widget allows SQL Injection.This issue affects Gallery Widget: from n/a through <= 1.2.1. |
| Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages. |
| Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization. |
| Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic wp-optimize-by-xtraffic allows Object Injection.This issue affects WP Optimize By xTraffic: from n/a through <= 5.1.6. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Suhas Surse WP Employee Attendance System wp-employee-attendance-system allows Blind SQL Injection.This issue affects WP Employee Attendance System: from n/a through <= 3.5. |
| Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison alike allows Reflected XSS.This issue affects Alike - WordPress Custom Post Comparison: from n/a through <= 3.0.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hung Trang Si SB Breadcrumbs sb-breadcrumbs allows Reflected XSS.This issue affects SB Breadcrumbs: from n/a through <= 1.0. |
| Missing Authorization vulnerability in Elastic Email Elastic Email Subscribe Form elastic-email-subscribe-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Subscribe Form: from n/a through <= 1.2.2. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in machouinard Aviation Weather from NOAA aviation-weather-from-noaa allows Path Traversal.This issue affects Aviation Weather from NOAA: from n/a through <= 0.7.2. |
| Server-Side Request Forgery (SSRF) vulnerability in PressForward PressForward pressforward allows Server Side Request Forgery.This issue affects PressForward: from n/a through <= 5.9.5. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Evon snsevon allows PHP Local File Inclusion.This issue affects Evon: from n/a through <= 3.4. |
| Missing Authorization vulnerability in viralloops Viral Loops WP Integration viral-loops-wp-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Loops WP Integration: from n/a through <= 3.8.1. |
| Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 SP1 with CHF338912, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary file delete. |
