Show filters
99 Total Results
Displaying 31-40 of 99
Sort by:
Attacker Value
Unknown
CVE-2020-27374
Disclosure Date: April 07, 2022 (last updated October 07, 2023)
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring.
0
Attacker Value
Unknown
CVE-2020-27373
Disclosure Date: April 07, 2022 (last updated October 07, 2023)
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to Plain text command over BLE.
0
Attacker Value
Unknown
CVE-2021-24926
Disclosure Date: February 01, 2022 (last updated October 07, 2023)
The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue
0
Attacker Value
Unknown
CVE-2022-0129
Disclosure Date: January 11, 2022 (last updated October 07, 2023)
Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user. This was achieved through placing the malicious DLL in the same directory that the process was run from.
0
Attacker Value
Unknown
CVE-2021-24908
Disclosure Date: November 29, 2021 (last updated October 07, 2023)
The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting
0
Attacker Value
Unknown
CVE-2021-43577
Disclosure Date: November 12, 2021 (last updated October 25, 2023)
Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
0
Attacker Value
Unknown
CVE-2021-24774
Disclosure Date: October 25, 2021 (last updated November 28, 2024)
The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues
0
Attacker Value
Unknown
CVE-2021-42257
Disclosure Date: October 11, 2021 (last updated November 14, 2023)
check_smart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path (the /dev/bus substring and a number), aka an unanchored regular expression.
0
Attacker Value
Unknown
CVE-2021-3803
Disclosure Date: September 17, 2021 (last updated November 28, 2024)
nth-check is vulnerable to Inefficient Regular Expression Complexity
0
Attacker Value
Unknown
CVE-2021-32724
Disclosure Date: September 09, 2021 (last updated November 28, 2024)
check-spelling is a github action which provides CI spell checking. In affected versions and for a repository with the [check-spelling action](https://github.com/marketplace/actions/check-spelling) enabled that triggers on `pull_request_target` (or `schedule`), an attacker can send a crafted Pull Request that causes a `GITHUB_TOKEN` to be exposed. With the `GITHUB_TOKEN`, it's possible to push commits to the repository bypassing standard approval processes. Commits to the repository could then steal any/all secrets available to the repository. As a workaround users may can either: [Disable the workflow](https://docs.github.com/en/actions/managing-workflow-runs/disabling-and-enabling-a-workflow) until you've fixed all branches or Set repository to [Allow specific actions](https://docs.github.com/en/github/administering-a-repository/managing-repository-settings/disabling-or-limiting-github-actions-for-a-repository#allowing-specific-actions-to-run). check-spelling isn't a verified creato…
0