Lucene search

K

Qubely – Advanced Gutenberg Blocks Security Vulnerabilities

debiancve
debiancve

CVE-2021-47444

In the Linux kernel, the following vulnerability has been resolved: drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read In commit e11f5bd8228f ("drm: Add support for DP 1.4 Compliance edid corruption test") the function connector_bad_edid() started assuming that the memory for...

6.7AI Score

0.0004EPSS

2024-05-22 07:15 AM
2
cve
cve

CVE-2021-47444

In the Linux kernel, the following vulnerability has been resolved: drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read In commit e11f5bd8228f ("drm: Add support for DP 1.4 Compliance edid corruption test") the function connector_bad_edid() started assuming that the memory for the.....

6.6AI Score

0.0004EPSS

2024-05-22 07:15 AM
31
cvelist
cvelist

CVE-2021-47460 ocfs2: fix data corruption after conversion from inline format

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after conversion from inline format Commit 6dbf7bb55598 ("fs: Don't invalidate page buffers in block_write_full_page()") uncovered a latent bug in ocfs2 conversion from inline inode format to a normal...

6.8AI Score

0.0004EPSS

2024-05-22 06:23 AM
vulnrichment
vulnrichment

CVE-2021-47460 ocfs2: fix data corruption after conversion from inline format

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after conversion from inline format Commit 6dbf7bb55598 ("fs: Don't invalidate page buffers in block_write_full_page()") uncovered a latent bug in ocfs2 conversion from inline inode format to a normal...

7AI Score

0.0004EPSS

2024-05-22 06:23 AM
cvelist
cvelist

CVE-2021-47444 drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read

In the Linux kernel, the following vulnerability has been resolved: drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read In commit e11f5bd8228f ("drm: Add support for DP 1.4 Compliance edid corruption test") the function connector_bad_edid() started assuming that the memory for the.....

6.4AI Score

0.0004EPSS

2024-05-22 06:19 AM
vulnrichment
vulnrichment

CVE-2021-47444 drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read

In the Linux kernel, the following vulnerability has been resolved: drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read In commit e11f5bd8228f ("drm: Add support for DP 1.4 Compliance edid corruption test") the function connector_bad_edid() started assuming that the memory for the.....

6.8AI Score

0.0004EPSS

2024-05-22 06:19 AM
cve
cve

CVE-2024-4980

The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'id', 'mixColor', 'backgroundColor', 'saveInCookies', and 'autoMatchOsTheme' parameters in all versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping....

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-22 05:15 AM
30
nvd
nvd

CVE-2024-4980

The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'id', 'mixColor', 'backgroundColor', 'saveInCookies', and 'autoMatchOsTheme' parameters in all versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping....

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-22 05:15 AM
thn
thn

Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings

Popular enterprise services provider Zoom has announced the rollout of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with support for Zoom Phone and Zoom Rooms coming in the future. "As adversarial threats become more sophisticated, so does the need to safeguard user data," the...

7.2AI Score

2024-05-22 04:46 AM
3
cvelist
cvelist

CVE-2024-4980 WPKoi Templates for Elementor <= 2.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters

The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'id', 'mixColor', 'backgroundColor', 'saveInCookies', and 'autoMatchOsTheme' parameters in all versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping....

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-22 04:30 AM
vulnrichment
vulnrichment

CVE-2024-4980 WPKoi Templates for Elementor <= 2.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters

The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'id', 'mixColor', 'backgroundColor', 'saveInCookies', and 'autoMatchOsTheme' parameters in all versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping....

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-22 04:30 AM
ubuntucve
ubuntucve

CVE-2021-47460

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after conversion from inline format Commit 6dbf7bb55598 ("fs: Don't invalidate page buffers in block_write_full_page()") uncovered a latent bug in ocfs2 conversion from inline inode format to a normal...

6.9AI Score

0.0004EPSS

2024-05-22 12:00 AM
4
ubuntucve
ubuntucve

CVE-2021-47444

In the Linux kernel, the following vulnerability has been resolved: drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read In commit e11f5bd8228f ("drm: Add support for DP 1.4 Compliance edid corruption test") the function connector_bad_edid() started assuming that the memory for the.....

6.5AI Score

0.0004EPSS

2024-05-22 12:00 AM
2
nessus
nessus

Fedora 40 : kernel (2024-92664ae6fe)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-92664ae6fe advisory. Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may...

6.4CVSS

7AI Score

0.0004EPSS

2024-05-22 12:00 AM
7
krebs
krebs

Why Your Wi-Fi Router Doubles as an Apple AirTag

Image: Shutterstock. Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly...

6.2AI Score

2024-05-21 04:21 PM
6
cve
cve

CVE-2023-52806

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix possible null-ptr-deref when assigning a stream While AudioDSP drivers assign streams exclusively of HOST or LINK type, nothing blocks a user to attempt to assign a COUPLED stream. As supplied substream instance may....

5.5CVSS

6.6AI Score

0.0004EPSS

2024-05-21 04:15 PM
83
debiancve
debiancve

CVE-2023-52806

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix possible null-ptr-deref when assigning a stream While AudioDSP drivers assign streams exclusively of HOST or LINK type, nothing blocks a user to attempt to assign a COUPLED stream. As supplied substream instance...

5.5CVSS

6.6AI Score

0.0004EPSS

2024-05-21 04:15 PM
3
debiancve
debiancve

CVE-2023-52799

In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbFindLeaf Currently while searching for dmtree_t for sufficient free blocks there is an array out of bounds while getting element in tp-&gt;dm_stree. To add the required check for out of bound...

6.7AI Score

0.0004EPSS

2024-05-21 04:15 PM
cve
cve

CVE-2023-52799

In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbFindLeaf Currently while searching for dmtree_t for sufficient free blocks there is an array out of bounds while getting element in tp-&gt;dm_stree. To add the required check for out of bound...

6.8AI Score

0.0004EPSS

2024-05-21 04:15 PM
27
nvd
nvd

CVE-2023-52799

In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbFindLeaf Currently while searching for dmtree_t for sufficient free blocks there is an array out of bounds while getting element in tp-&gt;dm_stree. To add the required check for out of bound...

6.5AI Score

0.0004EPSS

2024-05-21 04:15 PM
nvd
nvd

CVE-2023-52806

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix possible null-ptr-deref when assigning a stream While AudioDSP drivers assign streams exclusively of HOST or LINK type, nothing blocks a user to attempt to assign a COUPLED stream. As supplied substream instance may....

5.5CVSS

5.3AI Score

0.0004EPSS

2024-05-21 04:15 PM
cve
cve

CVE-2023-52759

In the Linux kernel, the following vulnerability has been resolved: gfs2: ignore negated quota changes When lots of quota changes are made, there may be cases in which an inode's quota information is increased and then decreased, such as when blocks are added to a file, then deleted from it. If...

6.7AI Score

0.0004EPSS

2024-05-21 04:15 PM
27
debiancve
debiancve

CVE-2023-52759

In the Linux kernel, the following vulnerability has been resolved: gfs2: ignore negated quota changes When lots of quota changes are made, there may be cases in which an inode's quota information is increased and then decreased, such as when blocks are added to a file, then deleted from it. If...

7.1AI Score

0.0004EPSS

2024-05-21 04:15 PM
3
nvd
nvd

CVE-2023-52759

In the Linux kernel, the following vulnerability has been resolved: gfs2: ignore negated quota changes When lots of quota changes are made, there may be cases in which an inode's quota information is increased and then decreased, such as when blocks are added to a file, then deleted from it. If...

6.5AI Score

0.0004EPSS

2024-05-21 04:15 PM
cvelist
cvelist

CVE-2023-52806 ALSA: hda: Fix possible null-ptr-deref when assigning a stream

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix possible null-ptr-deref when assigning a stream While AudioDSP drivers assign streams exclusively of HOST or LINK type, nothing blocks a user to attempt to assign a COUPLED stream. As supplied substream instance may....

5.3AI Score

0.0004EPSS

2024-05-21 03:31 PM
1
cvelist
cvelist

CVE-2023-52799 jfs: fix array-index-out-of-bounds in dbFindLeaf

In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbFindLeaf Currently while searching for dmtree_t for sufficient free blocks there is an array out of bounds while getting element in tp-&gt;dm_stree. To add the required check for out of bound...

6.5AI Score

0.0004EPSS

2024-05-21 03:31 PM
vulnrichment
vulnrichment

CVE-2023-52759 gfs2: ignore negated quota changes

In the Linux kernel, the following vulnerability has been resolved: gfs2: ignore negated quota changes When lots of quota changes are made, there may be cases in which an inode's quota information is increased and then decreased, such as when blocks are added to a file, then deleted from it. If...

6.9AI Score

0.0004EPSS

2024-05-21 03:30 PM
1
cvelist
cvelist

CVE-2023-52759 gfs2: ignore negated quota changes

In the Linux kernel, the following vulnerability has been resolved: gfs2: ignore negated quota changes When lots of quota changes are made, there may be cases in which an inode's quota information is increased and then decreased, such as when blocks are added to a file, then deleted from it. If...

6.5AI Score

0.0004EPSS

2024-05-21 03:30 PM
cve
cve

CVE-2021-47277

In the Linux kernel, the following vulnerability has been resolved: kvm: avoid speculation-based attacks from out-of-range memslot accesses KVM's mechanism for accessing guest memory translates a guest physical address (gpa) to a host virtual address using the right-shifted gpa (also known as gfn)....

6.3AI Score

0.0004EPSS

2024-05-21 03:15 PM
28
debiancve
debiancve

CVE-2021-47277

In the Linux kernel, the following vulnerability has been resolved: kvm: avoid speculation-based attacks from out-of-range memslot accesses KVM's mechanism for accessing guest memory translates a guest physical address (gpa) to a host virtual address using the right-shifted gpa (also known as...

6.7AI Score

0.0004EPSS

2024-05-21 03:15 PM
1
nvd
nvd

CVE-2021-47277

In the Linux kernel, the following vulnerability has been resolved: kvm: avoid speculation-based attacks from out-of-range memslot accesses KVM's mechanism for accessing guest memory translates a guest physical address (gpa) to a host virtual address using the right-shifted gpa (also known as gfn)....

6.2AI Score

0.0004EPSS

2024-05-21 03:15 PM
cvelist
cvelist

CVE-2021-47277 kvm: avoid speculation-based attacks from out-of-range memslot accesses

In the Linux kernel, the following vulnerability has been resolved: kvm: avoid speculation-based attacks from out-of-range memslot accesses KVM's mechanism for accessing guest memory translates a guest physical address (gpa) to a host virtual address using the right-shifted gpa (also known as gfn)....

6.1AI Score

0.0004EPSS

2024-05-21 02:20 PM
vulnrichment
vulnrichment

CVE-2021-47277 kvm: avoid speculation-based attacks from out-of-range memslot accesses

In the Linux kernel, the following vulnerability has been resolved: kvm: avoid speculation-based attacks from out-of-range memslot accesses KVM's mechanism for accessing guest memory translates a guest physical address (gpa) to a host virtual address using the right-shifted gpa (also known as gfn)....

6.5AI Score

0.0004EPSS

2024-05-21 02:20 PM
cve
cve

CVE-2024-4566

The ShopLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 2.8.8. This makes it possible for authenticated attackers, with contributor-level access and above, to set...

7.1CVSS

6.4AI Score

0.001EPSS

2024-05-21 09:15 AM
27
cve
cve

CVE-2024-3345

The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode in all versions up to, and including, 2.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-21 09:15 AM
28
cve
cve

CVE-2024-3155

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-21 03:15 AM
30
nvd
nvd

CVE-2024-3155

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping....

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-21 03:15 AM
vulnrichment
vulnrichment

CVE-2024-3155 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-21 02:32 AM
cvelist
cvelist

CVE-2024-3155 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping....

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-21 02:32 AM
nessus
nessus

RHEL 8 : varnish:6 (RHSA-2024:2938)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2938 advisory. Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and...

6.3AI Score

0.0004EPSS

2024-05-21 12:00 AM
4
ubuntucve
ubuntucve

CVE-2021-47277

In the Linux kernel, the following vulnerability has been resolved: kvm: avoid speculation-based attacks from out-of-range memslot accesses KVM's mechanism for accessing guest memory translates a guest physical address (gpa) to a host virtual address using the right-shifted gpa (also known as gfn)....

6.2AI Score

0.0004EPSS

2024-05-21 12:00 AM
2
ubuntucve
ubuntucve

CVE-2023-52799

In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbFindLeaf Currently while searching for dmtree_t for sufficient free blocks there is an array out of bounds while getting element in tp-&gt;dm_stree. To add the required check for out of bound...

6.7AI Score

0.0004EPSS

2024-05-21 12:00 AM
1
ubuntucve
ubuntucve

CVE-2023-52759

In the Linux kernel, the following vulnerability has been resolved: gfs2: ignore negated quota changes When lots of quota changes are made, there may be cases in which an inode's quota information is increased and then decreased, such as when blocks are added to a file, then deleted from it. If...

6.7AI Score

0.0004EPSS

2024-05-21 12:00 AM
2
ubuntucve
ubuntucve

CVE-2023-52806

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix possible null-ptr-deref when assigning a stream While AudioDSP drivers assign streams exclusively of HOST or LINK type, nothing blocks a user to attempt to assign a COUPLED stream. As supplied substream instance may....

5.5CVSS

5.4AI Score

0.0004EPSS

2024-05-21 12:00 AM
4
wpvulndb
wpvulndb

Essential Blocks < 4.5.13 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-21 12:00 AM
2
f5
f5

K000139685: Python vulnerability CVE-2023-40217

Security Advisory Description An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into...

7AI Score

0.0005EPSS

2024-05-21 12:00 AM
6
mssecure
mssecure

New Windows 11 features strengthen security to address evolving cyberthreat landscape

Ahead of the Microsoft Build 2024 conference, we announced a new class of Windows computers, Copilot+ PC. Alongside this exciting new class of PCs, we are introducing important security features and updates that make Windows 11 more secure for users and organizations and give developers the tools.....

7AI Score

2024-05-20 06:00 PM
5
redhatcve
redhatcve

CVE-2024-35949

In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfs_check_leaf() if we had the check integrity code enabled, which meant that we could only run the extended leaf checks if we had WRITTEN set.....

6.6AI Score

0.0004EPSS

2024-05-20 05:42 PM
5
malwarebytes
malwarebytes

What is real-time protection and why do you need it?

The constant barrage of cyber threats can be overwhelming for all of us. And, as those threats evolve and attackers find new ways to compromise us, we need a way to keep on top of everything nasty that’s thrown our way. Malwarebytes’ free version tackles and reactively resolves threats already on.....

7.2AI Score

2024-05-20 12:39 PM
7
kitploit
kitploit

Drs-Malware-Scan - Perform File-Based Malware Scan On Your On-Prem Servers With AWS

Perform malware scan analysis of on-prem servers using AWS services Challenges with on-premises malware detection It can be difficult for security teams to continuously monitor all on-premises servers due to budget and resource constraints. Signature-based antivirus alone is insufficient as modern....

7.4AI Score

2024-05-20 12:30 PM
15
Total number of security vulnerabilities39003