The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2018-12045 | DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file. | HIGH | Jun 7, 2018 |
| CVE-2019-8362 | DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as \"1.jpg.php\" (because input validation only checks that .jpg, .png, or .gif is present as a substring, and does not otherwise check the file name or content). | MEDIUM | Mar 20, 2019 |
| CVE-2018-12046 | DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file. | MEDIUM | Jun 7, 2018 |
| CVE-2017-17730 | DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. | HIGH | Dec 18, 2017 |
| CVE-2017-17731 | DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. | HIGH | Dec 18, 2017 |
| CVE-2017-17727 | DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php. | MEDIUM | Dec 18, 2017 |
| CVE-2022-46442 | dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query. | -- | Dec 28, 2022 |
| CVE-2022-40886 | DedeCMS 5.7.98 has a file upload vulnerability in the background. | -- | Oct 4, 2022 |
| CVE-2024-22895 | DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php. | -- | Jan 22, 2024 |
| CVE-2023-40784 | DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php. | -- | Sep 12, 2023 |
| CVE-2018-19061 | DedeCMS 5.7 SP2 has SQL Injection via the dede\\co_do.php ids parameter. | HIGH | Nov 7, 2018 |
| CVE-2018-18578 | DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. | MEDIUM | Oct 22, 2018 |
| CVE-2018-18608 | DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php. | MEDIUM | Oct 23, 2018 |
| CVE-2018-18781 | DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter. | MEDIUM | Oct 29, 2018 |
| CVE-2018-16786 | DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php. | MEDIUM | Sep 21, 2018 |
| CVE-2018-16784 | DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a <file type='file' name='../ substring. | MEDIUM | Sep 21, 2018 |
| CVE-2018-7700 | DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code. | MEDIUM | Mar 27, 2018 |
| CVE-2018-9175 | DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php. | HIGH | Apr 1, 2018 |
| CVE-2018-6910 | DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php. | MEDIUM | Feb 13, 2018 |
| CVE-2022-44118 | dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php. | -- | Nov 24, 2022 |
| CVE-2022-43196 | dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php. | -- | Nov 24, 2022 |
| CVE-2022-44120 | dedecmdv6 6.1.9 is vulnerable to SQL Injection. via sys_sql_query.php. | -- | Nov 24, 2022 |
| CVE-2023-43234 | DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters. | -- | Sep 29, 2023 |
| CVE-2022-36215 | DedeBIZ v6 was discovered to contain a remote code execution vulnerability in sys_info.php. | -- | Aug 19, 2022 |
| CVE-2023-49355 | decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the []-1.2e-1111111111 input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation. | -- | Dec 11, 2023 |
| CVE-2024-31206 | dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In `dectalk-tts@1.0.0`, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victim of a man-in-the-middle (MITM) attack. The network request was upgraded to HTTPS in version `1.0.1`. There are no workarounds, but some precautions include not sending any sensitive information and carefully verifying the API response before saving it. | -- | Apr 5, 2024 |
| CVE-2018-12372 | Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 52.9. | MEDIUM | Oct 18, 2018 |
| CVE-2021-28831 | decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. | MEDIUM | Mar 19, 2021 |
| CVE-2022-23435 | decoding.c in android-gif-drawable before 1.2.24 does not limit the maximum length of a comment, leading to denial of service. | MEDIUM | Jan 19, 2022 |
| CVE-2017-14939 | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte. | Medium | Oct 3, 2017 |
| CVE-2017-14932 | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. | Medium | Oct 3, 2017 |
| CVE-2017-15025 | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file. | MEDIUM | Oct 4, 2017 |
| CVE-2020-35965 | decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. | MEDIUM | Jan 5, 2021 |
| CVE-2016-0835 | decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a certain negative value, aka internal bug 26070014. | HIGH | Apr 20, 2016 |
| CVE-2016-3765 | decoder/impeg2d_bitstream.c in mediaserver in Android 6.x before 2016-07-01 allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted application, aka internal bug 28168413. | MEDIUM | Jul 12, 2016 |
| CVE-2016-3742 | decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165659. | HIGH | Jul 11, 2016 |
| CVE-2016-3755 | decoder/ih264d_parse_pslice.c in mediaserver in Android 6.x before 2016-07-01 does not properly select concealment frames, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28470138. | HIGH | Jul 11, 2016 |
| CVE-2016-3878 | decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29493002. | HIGH | Sep 12, 2016 |
| CVE-2016-3828 | decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28835995. | HIGH | Aug 10, 2016 |
| CVE-2016-3743 | decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 27907656. | HIGH | Jul 11, 2016 |
| CVE-2022-38900 | decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. | -- | Dec 1, 2022 |
| CVE-2023-40193 | Deco M4 firmware versions prior to \'Deco M4(JP)_V2_1.5.8 Build 20230619\' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. | -- | Sep 7, 2023 |
| CVE-2021-37631 | Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions the Deck application didn\'t properly check membership of users in a Circle. This allowed other users in the instance to gain access to boards that have been shared with a Circle, even if the user was not a member of the circle. It is recommended that Nextcloud Deck is upgraded to 1.5.1, 1.4.4 or 1.2.9. If you are unable to update it is advised to disable the Deck plugin. | -- | Sep 8, 2021 |
| CVE-2023-22469 | Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There are currently no known workarounds. It is recommended that the Nextcloud app Deck is upgraded to 1.8.2. | -- | Jan 14, 2023 |
| CVE-2023-22472 | Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. (e.g. in an email, chat link, etc). There are currently no known workarounds. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.2. | -- | Jan 13, 2023 |
| CVE-2024-22213 | Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the Nextcloud Deck is upgraded to version 1.9.5 or 1.11.2. There are no known workarounds for this vulnerability. | -- | Jan 18, 2024 |
| CVE-2023-22471 | Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is upgraded to 1.6.5 or 1.7.3 or 1.8.2. | -- | Jan 14, 2023 |
| CVE-2023-27152 | DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication. | -- | Oct 24, 2023 |
| CVE-2023-48220 | Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the `devise_invitable` gem, the invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. This issue creates vulnerable dependencies starting in version 0.0.1.alpha3 and prior to versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim,` `decidim-admin`, and `decidim-system` gems. When using the password reset functionality, the `devise_invitable` gem always accepts the pending invitation if the user has been invited. The only check done is if the user has been invited but the code does not ensure that the pending invitation is still valid as defined by the `invite_for` expiry period. Decidim sets this configuration to `2.weeks` so this configuration should be respected. The bug is in the `devise_invitable` gem and should be fixed there and the dependency should be upgraded in Decidim once the fix becomes available. `devise_invitable` to version `2.0.9` and above fix this issue. Versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim,` `decidim-admin`, and `decidim-system` gems contain this fix. As a workaround, invitations can be cancelled directly from the database. | -- | Feb 20, 2024 |
| CVE-2023-51447 | Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to change the file names through the dynamic upload endpoint. Therefore I believe it would require the attacker to control the whole session of the particular user but in any case, this needs to be fixed. Successful exploit of this vulnerability would require the user to have successfully uploaded a file blob to the server with a malicious file name and then have the possibility to direct the other user to the edit page of the record where the attachment is attached. The users are able to craft the direct upload requests themselves controlling the file name that gets stored to the database. The attacker is able to change the filename e.g. to `<svg onload=alert(\'XSS\')>` if they know how to craft these requests themselves. And then enter the returned blob ID to the form inputs manually by modifying the edit page source. Versions 0.27.5 and 0.28.0 contain a patch for this issue. As a workaround, disable dynamic uploads for the instance, e.g. from proposals. | -- | Feb 20, 2024 |
