CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
1 year ago Tenable.com
CVE-2023-54258 - In the Linux kernel, the following vulnerability has been resolved: ...
2 months ago
CVE-2023-3934 - Rejected reason: Please discard this CVE, we are not using this anymore. The vulnerability turned out to be a non-security issue ...
2 years ago Tenable.com
CVE-2020-3934 - TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command. ...
4 years ago
CVE-2021-3934 - ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command ...
4 years ago
CVE-2010-3934 - The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via ...
15 years ago
CVE-2013-3934 - Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, as used in Kingsoft Office 2013 before 9.1.0.4256, allows remote attackers to execute arbitrary code via a long font name in a WPS file. ...
12 years ago
CVE-2011-3934 - Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data. ...
12 years ago
CVE-2014-3934 - SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php. ...
11 years ago
CVE-2016-3934 - drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_cci_i2c.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices relies on variable-length arrays, which allows attackers ...
9 years ago
CVE-2005-3934 - Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application crash) via unknown attack vectors. ...
8 years ago
CVE-2009-3934 - The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclient_impl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, ...
8 years ago
CVE-2007-3934 - PHP remote file inclusion vulnerability in postscript/postscript.php in BBS E-Market allows remote attackers to execute arbitrary PHP code via a URL in the p_mode parameter. ...
8 years ago
CVE-2017-3934 - Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via read files on the webserver. ...
8 years ago
CVE-2015-3934 - Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user parameter to user/login. ...
8 years ago
CVE-2008-3934 - Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. ...
7 years ago
CVE-2006-3934 - Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter. This vulnerability is addressed in the ...
7 years ago
CVE-2019-3934 - Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can use this vulnerability to download the ...
5 years ago
CVE-2018-3934 - An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff ...
3 years ago
CVE-2022-3934 - The FlatPM WordPress plugin before 3.0.13 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin ...
3 years ago
CVE-2024-3934 - The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. This makes it possible for authenticated attackers, with subscriber-level access and ...
1 year ago
Threat landscape for industrial automation systems. H2 2023 - In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year. In H2 2023, building automation once ...
1 year ago Securelist.com