CVE-2022-3860

CVE-2024-26625 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago

CVE-2022-3860 - The Visual Email Designer for WooCommerce WordPress plugin before 1.7.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author. ...
1 year ago

CVE-2008-5011 - Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka ...
7 years ago

CVE-2008-3860 - Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for ...
7 years ago

CVE-2018-3860 - An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can ...
1 year ago

CVE-2018-3859 - An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can ...
1 year ago

CVE-2021-3860 - JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query. ...
8 months ago

CVE-2011-3860 - Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. ...
13 years ago

CVE-2010-3860 - IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and ...
10 years ago

CVE-2015-3860 - packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to bypass intended ...
9 years ago

CVE-2016-3860 - sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug ...
7 years ago

CVE-2017-3860 - Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, ...
7 years ago

CVE-2009-3860 - Multiple insecure method vulnerabilities in Idefense Labs COMRaider allow remote attackers to create or overwrite arbitrary files via the (1) CreateFolder and (2) Copy methods. NOTE: this might only be a vulnerability in certain insecure ...
6 years ago

CVE-2013-3860 - Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (application crash or hang) via a crafted signed XML ...
6 years ago

CVE-2007-3860 - Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NOTE: a reliable researcher states that this is SQL ...
6 years ago

CVE-2006-3860 - IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows allows remote authenticated users to execute arbitrary commands via the (1) "SET DEBUG FILE" SQL command, and the (2) start_onpload and (3) dbexp functions. ...
6 years ago

CVE-2005-3860 - PHP remote file inclusion vulnerability in athena.php in Oliver May Athena PHP Website Administration 0.1a allows remote attackers to execute arbitrary PHP code via a URL in the athena_dir parameter. ...
6 years ago

CVE-2019-3860 - An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. ...
5 years ago

CVE-2019-7690 - In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH private key and its password can be retrieved from process memory for the lifetime of the process, even after the user disconnects from the remote SSH server. This affects Passwordless ...
5 years ago

CVE-2014-3860 - Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability ...
4 years ago

CVE-2020-3860 - A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges. ...
3 years ago

CVE-2023-3860 - A vulnerability was found in phpscriptpoint Insurance 1.2. It has been classified as problematic. Affected is an unknown function of the file /page.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The ...
1 year ago

CVE-2024-3860 - An out-of-memory condition during object initialization could result in an empty shape list. If the JIT subsequently traced the object it would crash. This vulnerability affects Firefox < 125. ...
6 months ago Tenable.com

CVE-2024-26865 - In the Linux kernel, the following vulnerability has been resolved: ...
6 months ago

CVE-2024-26857 - In the Linux kernel, the following vulnerability has been resolved: ...
6 months ago