The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2018-15498 | YSoft SafeQ Server 6 allows a replay attack. | -- | Mar 27, 2019 | n/a |
CVE-2023-35934 | yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest\'s host. This vulnerable behavior is present in yt-dlp prior to 2023.07.06 and nightly 2023.07.06.185519. All native and external downloaders are affected, except for `curl` and `httpie` (version 3.1.0 or later). At the file download stage, all cookies are passed by yt-dlp to the file downloader as a `Cookie` header, thereby losing their scope. This also occurs in yt-dlp\'s info JSON output, which may be used by external tools. As a result, the downloader or external tool may indiscriminately send cookies with requests to domains or paths for which the cookies are not scoped. yt-dlp version 2023.07.06 and nightly 2023.07.06.185519 fix this issue by removing the `Cookie` header upon HTTP redirects; having native downloaders calculate the `Cookie` header from the cookiejar, utilizing external downloaders\' built-in support for cookies instead of passing them as header arguments, disabling HTTP redirectiong if the external downloader does not have proper cookie support, processing cookies passed as HTTP headers to limit their scope, and having a separate field for cookies in the info dict storing more information about scoping Some workarounds are available for those who are unable to upgrade. Avoid using cookies and user authentication methods. While extractors may set custom cookies, these usually do not contain sensitive information. Alternatively, avoid using `--load-info-json`. Or, if authentication is a must: verify the integrity of download links from unknown sources in browser (including redirects) before passing them to yt-dlp; use `curl` as external downloader, since it is not impacted; and/or avoid fragmented formats such as HLS/m3u8, DASH/mpd and ISM. | -- | Jul 10, 2023 | n/a |
CVE-2023-46121 | yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp\'s HTTP session. This could lead to cookie exfiltration in some cases. Version 2023.11.14 removed the ability to smuggle `http_headers` to the Generic extractor, as well as other extractors that use the same pattern. Users are advised to upgrade. Users unable to upgrade should disable the Ggneric extractor (or only pass trusted sites with trusted content) and ake caution when using `--no-check-certificate`. | -- | Nov 15, 2023 | n/a |
CVE-2024-22423 | yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2024.04.09 fixes this issue by properly escaping `%`. It replaces them with `%%cd:~,%`, a variable that expands to nothing, leaving only the leading percent. It is recommended to upgrade yt-dlp to version 2024.04.09 as soon as possible. Also, always be careful when using `--exec`, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade, avoid using any output template expansion in `--exec` other than `{}` (filepath); if expansion in `--exec` is needed, verify the fields you are using do not contain ``, `|` or `&`; and/or instead of using `--exec`, write the info json and load the fields from it instead. | -- | Apr 9, 2024 | n/a |
CVE-2023-40581 | yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the `--exec` flag. This flag allows output template expansion in its argument, so that metadata values may be used in the shell commands. The metadata fields can be combined with the `%q` conversion, which is intended to quote/escape these values so they can be safely passed to the shell. However, the escaping used for `cmd` (the shell used by Python\'s `subprocess` on Windows) does not properly escape special characters, which can allow for remote code execution if `--exec` is used directly with maliciously crafted remote data. This vulnerability only impacts `yt-dlp` on Windows, and the vulnerability is present regardless of whether `yt-dlp` is run from `cmd` or from `PowerShell`. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2023.09.24 fixes this issue by properly escaping each special character. `\\n` will be replaced by `\\r` as no way of escaping it has been found. It is recommended to upgrade yt-dlp to version 2023.09.24 as soon as possible. Also, always be careful when using --exec, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade: 1. Avoid using any output template expansion in --exec other than {} (filepath). 2. If expansion in --exec is needed, verify the fields you are using do not contain , | or &. 3. Instead of using --exec, write the info json and load the fields from it instead. | -- | Sep 26, 2023 | n/a |
CVE-2009-3887 | ytnef has directory traversal | HIGH | Oct 29, 2019 | n/a |
CVE-2017-16219 | yttivy is a static file server. yttivy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url. | MEDIUM | Jun 6, 2018 | n/a |
CVE-2022-34937 | Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code. | -- | Aug 3, 2022 | n/a |
CVE-2018-20340 | Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey. | MEDIUM | Mar 28, 2019 | n/a |
CVE-2011-4120 | Yubico PAM Module before 2.10 performed user authentication when \'use_first_pass\' PAM configuration option was not used and the module was configured as \'sufficient\' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the account in question by providing a NULL value (pressing Ctrl-D keyboard sequence) as the password string. | HIGH | Nov 26, 2019 | n/a |
CVE-2019-12209 | Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM configuration, part of the file contents of a symlink target will be logged, possibly revealing sensitive information. | MEDIUM | Jun 20, 2019 | n/a |
CVE-2021-31924 | Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence (touch) or cryptographic signature verification to be bypassed, so an attacker would still need to physically possess and interact with the YubiKey or another enrolled authenticator. If pam-u2f is configured to require PIN authentication, and the application using pam-u2f allows the user to submit NULL as the PIN, pam-u2f will attempt to perform a FIDO2 authentication without PIN. If this authentication is successful, the PIN requirement is bypassed. | MEDIUM | May 26, 2021 | n/a |
CVE-2024-31498 | Yubico ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator. | -- | Apr 8, 2024 | n/a |
CVE-2015-3298 | Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated. | MEDIUM | Mar 30, 2022 | n/a |
CVE-2023-6002 | YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can allow an unprivileged attacker to forge log entries or inject malicious content into the logs. | -- | Nov 8, 2023 | n/a |
CVE-2019-1000004 | yugandhargangu JspMyAdmin2 version 1.0.6 and earlier contains a Cross Site Scripting (XSS) vulnerability in sidebar and table data that can result in Database fields aren\'t properly sanitized and allow code injection (Cross-Site Scripting). This attack appears to be exploitable via the payload needs to be stored in the database and the victim must see the db value in question. | Medium | Feb 6, 2019 | n/a |
CVE-2018-0700 | YukiWiki 2.1.3 and earlier does not process a particular request properly that may allow consumption of large amounts of CPU and memory resources and may result in causing a denial of service condition. | HIGH | Nov 15, 2018 | n/a |
CVE-2013-1910 | yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository. | HIGH | Oct 31, 2019 | n/a |
CVE-2018-9993 | YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page). | LOW | Apr 10, 2018 | n/a |
CVE-2019-5310 | YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request. | Medium | Jan 10, 2019 | n/a |
CVE-2021-43690 | YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerability in src/Client.php. The exit function will terminate the script and print a message which have values from the socket_read. | MEDIUM | Dec 2, 2021 | n/a |
CVE-2022-36606 | Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database. | -- | Aug 19, 2022 | n/a |
CVE-2022-38808 | ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface. | -- | Sep 17, 2022 | n/a |
CVE-2020-25216 | yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet. | HIGH | Sep 17, 2020 | n/a |
CVE-2020-25215 | yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document. | HIGH | Sep 17, 2020 | n/a |
CVE-2018-8805 | Yxcms building system (compatible cell phone) v1.4.7 has XSS via the content parameter to protectedappsdefaultviewdefaultextend_guestbook.php or protectedappsdefaultviewmobileextend_guestbook.php in an index.php?r=default/column/index&col=guestbook request. | MEDIUM | Mar 20, 2018 | n/a |
CVE-2024-25713 | yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and pool_realloc.) | -- | Feb 29, 2024 | n/a |
CVE-2017-16167 | yyooopack is a simple file server. yyooopack is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url. | MEDIUM | Jun 6, 2018 | n/a |
CVE-2018-7479 | YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php. | MEDIUM | Feb 25, 2018 | n/a |
CVE-2018-8078 | YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html. | LOW | Mar 13, 2018 | n/a |
CVE-2018-16247 | YzmCMS 5.1 has XSS via the admin/system_manage/user_config_add.html title parameter. | LOW | Jun 20, 2019 | n/a |
CVE-2018-20015 | YzmCMS v5.2 has admin/role/add.html CSRF. | MEDIUM | Dec 10, 2018 | n/a |
CVE-2020-20341 | YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function. | MEDIUM | Sep 2, 2021 | n/a |
CVE-2022-23383 | YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user\'s personal home page can be realized. It is necessary to judge the user\'s login status before accessing the personal home page, but the vulnerability can access other users\' home pages through the non login status because real authentication is not carried out. | MEDIUM | Mar 10, 2022 | n/a |
CVE-2022-23384 | YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add | MEDIUM | Feb 19, 2022 | n/a |
CVE-2022-23887 | YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete. | MEDIUM | Feb 2, 2022 | n/a |
CVE-2022-23888 | YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey (CSRF) via the component /yzmcms/comment/index/init.html. | MEDIUM | Feb 2, 2022 | n/a |
CVE-2017-16221 | yzt is a simple file server. yzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url. | MEDIUM | Jun 6, 2018 | n/a |
CVE-2018-6846 | Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a direct request to zb_system/function/lib/upload.php. | MEDIUM | Feb 8, 2018 | n/a |
CVE-2018-6656 | Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories. | MEDIUM | Feb 6, 2018 | n/a |
CVE-2018-9169 | Z-BlogPHP 1.5.1 has XSS via the zb_users/plugin/AppCentre/plugin_edit.php app_id parameter. The component must be accessed directly by an administrator, or through CSRF. | LOW | Apr 16, 2018 | n/a |
CVE-2018-8893 | Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in the ability to execute arbitrary PHP code. | MEDIUM | Mar 31, 2018 | n/a |
CVE-2018-18381 | Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments. | LOW | Sep 23, 2019 | n/a |
CVE-2020-23352 | Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_input_password() uses loose comparison to authenticate, which can be bypassed via magic hash values. | MEDIUM | Jan 27, 2021 | n/a |
CVE-2020-29177 | Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via \\app_del.php. | MEDIUM | Dec 4, 2021 | n/a |
CVE-2020-11799 | Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privileges by modifying a privileged user\'s task. This can also affect all users who are signed in on the system if a shell is placed in a location that other unprivileged users have access to. | HIGH | Apr 15, 2020 | n/a |
CVE-2018-10831 | Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier that allows attackers to spoof mining shares, as demonstrated by providing a solution with {x1=1,x2=1,x3=1,...,x512=1} to bypass this verifier for any blockheader. This originally affected (for example) the Bitcoin Gold and Zcash cryptocurrencies, and continued to be exploited in the wild in May 2018 against smaller cryptocurrencies. | MEDIUM | May 9, 2018 | n/a |
CVE-2019-17433 | z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the \"Operation log\" screen. | -- | Oct 10, 2019 | n/a |
CVE-2020-9057 | Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable. | HIGH | Jan 10, 2022 | n/a |
CVE-2020-9058 | Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection. | MEDIUM | Jan 10, 2022 | n/a |