CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Sep 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plugin <= 1.8.33 at WordPress leading to Event log entry creation. The Sucuri Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.33. This is due to missing or incorrect... • https://patchstack.com/database/vulnerability/sucuri-scanner/wordpress-sucuri-security-plugin-1-8-33-cross-site-request-forgery-csrf-vulnerability • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

31 Aug 2022 — Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-35234. • https://helpcenter.trendmicro.com/en-us/article/tmka-11058 • CWE-125: Out-of-bounds Read

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

31 Aug 2022 — Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-37347. • https://helpcenter.trendmicro.com/en-us/article/tmka-11058 • CWE-125: Out-of-bounds Read

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

31 Aug 2022 — Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with lower privileges could manipulate a mountpoint which could lead to escalation of privilege on an affected machine. This vulnerability allows local attackers to esca... • https://helpcenter.trendmicro.com/en-us/article/tmka-11053 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 7.8 • EPSS: 0% • CPEs: 15 • EXPL: 0

11 May 2022 — Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. • https://support.eset.com/en/ca8268 • CWE-280: Improper Handling of Insufficient Permissions or Privileges • CWE-755: Improper Handling of Exceptional Conditions

CVSS: 7.1 • EPSS: 0% • CPEs: 15 • EXPL: 0

10 May 2022 — Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. • https://support.eset.com/en/ca8268 • CWE-280: Improper Handling of Insufficient Permissions or Privileges • CWE-755: Improper Handling of Exceptional Conditions

CVSS: 5.5 • EPSS: 0% • CPEs: 14 • EXPL: 0

21 Jan 2021 — A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Affected products are: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, ESET Smart Security Premi... • https://support.eset.com/en/ca7794-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows • CWE-276: Incorrect Default Permissions

CVSS: 7.2 • EPSS: 49% • CPEs: 1 • EXPL: 3

22 Jun 2018 — The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page. WordPress iThemes Security plugin versions prior to 7.0.3 suffer from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/148294 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Mar 2018 — The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page. • https://wordpress.org/plugins/better-wp-security/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-532: Insertion of Sensitive Information into Log File