| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function. |
| The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin. |
| The wp-d3 plugin before 2.4.1 for WordPress has CSRF. |
| The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF. |
| The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF. |
| The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter. |
| The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter. |
| The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter. |
| IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. |
| An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean. |
| An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry. |
| The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues. |
| The wp-database-backup plugin before 4.3.3 for WordPress has CSRF. |
| edx-platform before 2016-06-06 allows CSRF. |
| hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call. |
| jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit. |
| openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. |
| Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm) haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. |
| adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an application using this data. |
| wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. |
