Elementor – Header, Footer & Blocks Template Security Vulnerabilities

CVE-2021-47602

In the Linux kernel, the following vulnerability has been resolved: mac80211: track only QoS data frames for admission control For admission control, obviously all of that only works for QoS data frames, otherwise we cannot even access the QoS field in the header. Syzbot reported (see below) an...

Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in Apache Tomcat affect the product's management GUI, potentially allowing denial of service. The Command Line Interface is unaffected. CVE-2024-23672, CVE-2024-24549. Vulnerability Details ** CVEID: CVE-2024-23672 DESCRIPTION: **Apache Tomcat is vulnerable to a denial of...

CVE-2021-47602

In the Linux kernel, the following vulnerability has been resolved: mac80211: track only QoS data frames for admission control For admission control, obviously all of that only works for QoS data frames, otherwise we cannot even access the QoS field in the header. Syzbot reported (see below) an...

CVE-2021-47602

In the Linux kernel, the following vulnerability has been resolved: mac80211: track only QoS data frames for admission control For admission control, obviously all of that only works for QoS data frames, otherwise we cannot even access the QoS field in the header. Syzbot reported (see below) an...

CVE-2021-47602

In the Linux kernel, the following vulnerability has been resolved: mac80211: track only QoS data frames for admission control For admission control, obviously all of that only works for QoS data frames, otherwise we cannot even access the QoS field in the header. Syzbot reported (see below) an...

CVE-2021-47587

In the Linux kernel, the following vulnerability has been resolved: net: systemport: Add global locking for descriptor lifecycle The descriptor list is a shared resource across all of the transmit queues, and the locking mechanism used today only protects concurrency across a given transmit queue.....

CVE-2021-47587

In the Linux kernel, the following vulnerability has been resolved: net: systemport: Add global locking for descriptor lifecycle The descriptor list is a shared resource across all of the transmit queues, and the locking mechanism used today only protects concurrency across a given transmit...

CVE-2021-47587

In the Linux kernel, the following vulnerability has been resolved: net: systemport: Add global locking for descriptor lifecycle The descriptor list is a shared resource across all of the transmit queues, and the locking mechanism used today only protects concurrency across a given transmit queue.....

CVE-2021-47602 mac80211: track only QoS data frames for admission control

In the Linux kernel, the following vulnerability has been resolved: mac80211: track only QoS data frames for admission control For admission control, obviously all of that only works for QoS data frames, otherwise we cannot even access the QoS field in the header. Syzbot reported (see below) an...

CVE-2021-47602 mac80211: track only QoS data frames for admission control

In the Linux kernel, the following vulnerability has been resolved: mac80211: track only QoS data frames for admission control For admission control, obviously all of that only works for QoS data frames, otherwise we cannot even access the QoS field in the header. Syzbot reported (see below) an...

CVE-2021-47587 net: systemport: Add global locking for descriptor lifecycle

In the Linux kernel, the following vulnerability has been resolved: net: systemport: Add global locking for descriptor lifecycle The descriptor list is a shared resource across all of the transmit queues, and the locking mechanism used today only protects concurrency across a given transmit queue.....

CVE-2024-38599

In the Linux kernel, the following vulnerability has been resolved: jffs2: prevent xattr node from overflowing the eraseblock Add a check to make sure that the requested xattr node size is no larger than the eraseblock minus the cleanmarker. Unlike the usual inode nodes, the xattr nodes aren't...

CVE-2024-38599

In the Linux kernel, the following vulnerability has been resolved: jffs2: prevent xattr node from overflowing the eraseblock Add a check to make sure that the requested xattr node size is no larger than the eraseblock minus the cleanmarker. Unlike the usual inode nodes, the xattr nodes aren't...

CVE-2024-38599

In the Linux kernel, the following vulnerability has been resolved: jffs2: prevent xattr node from overflowing the eraseblock Add a check to make sure that the requested xattr node size is no larger than the eraseblock minus the cleanmarker. Unlike the usual inode nodes, the xattr nodes aren't...

CVE-2024-38598

In the Linux kernel, the following vulnerability has been resolved: md: fix resync softlockup when bitmap size is less than array size Is is reported that for dm-raid10, lvextend + lvchange --syncaction will trigger following softlockup: kernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s!...

CVE-2024-38598

In the Linux kernel, the following vulnerability has been resolved: md: fix resync softlockup when bitmap size is less than array size Is is reported that for dm-raid10, lvextend + lvchange --syncaction will trigger following softlockup: kernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s!...

CVE-2024-38598

In the Linux kernel, the following vulnerability has been resolved: md: fix resync softlockup when bitmap size is less than array size Is is reported that for dm-raid10, lvextend + lvchange --syncaction will trigger following softlockup: kernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s!...

CVE-2024-38558

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix overwriting ct original tuple for ICMPv6 OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary packet content. -...

CVE-2024-38558

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix overwriting ct original tuple for ICMPv6 OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary packet content. -...

CVE-2024-38558

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix overwriting ct original tuple for ICMPv6 OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary packet content. -...

CVE-2024-38538

In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have at least eth header len bytes syzbot triggered an uninit value[1] error in bridge device's xmit path by sending a short (less than ETH_HLEN bytes) skb. To fix it check if we can actually pull...

CVE-2024-38538

In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have at least eth header len bytes syzbot triggered an uninit value[1] error in bridge device's xmit path by sending a short (less than ETH_HLEN bytes) skb. To fix it check if we can actually pull...

CVE-2024-38538

In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have at least eth header len bytes syzbot triggered an uninit value[1] error in bridge device's xmit path by sending a short (less than ETH_HLEN bytes) skb. To fix it check if we can actually pull...

CVE-2024-38598 md: fix resync softlockup when bitmap size is less than array size

In the Linux kernel, the following vulnerability has been resolved: md: fix resync softlockup when bitmap size is less than array size Is is reported that for dm-raid10, lvextend + lvchange --syncaction will trigger following softlockup: kernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s!...

CVE-2024-38599 jffs2: prevent xattr node from overflowing the eraseblock

In the Linux kernel, the following vulnerability has been resolved: jffs2: prevent xattr node from overflowing the eraseblock Add a check to make sure that the requested xattr node size is no larger than the eraseblock minus the cleanmarker. Unlike the usual inode nodes, the xattr nodes aren't...

CVE-2024-38558 net: openvswitch: fix overwriting ct original tuple for ICMPv6

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix overwriting ct original tuple for ICMPv6 OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary packet content. -...

CVE-2024-38558 net: openvswitch: fix overwriting ct original tuple for ICMPv6

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix overwriting ct original tuple for ICMPv6 OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary packet content. -...

CVE-2024-38538 net: bridge: xmit: make sure we have at least eth header len bytes

In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have at least eth header len bytes syzbot triggered an uninit value[1] error in bridge device's xmit path by sending a short (less than ETH_HLEN bytes) skb. To fix it check if we can actually pull...

CVE-2024-35765

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Stored XSS.This issue affects Greenshift – animation and page builder blocks: from n/a through...

CVE-2024-35765

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Stored XSS.This issue affects Greenshift – animation and page builder blocks: from n/a through...

CVE-2024-35765 WordPress Greenshift – animation and page builder blocks plugin <= 8.8.9.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Stored XSS.This issue affects Greenshift – animation and page builder blocks: from n/a through...

URL Redirection To Untrusted Site ('Open Redirect')

zendframework/zendframework is vulnerable to improper handling of IP addresses. The vulnerability is due to the class not verifying if the IP address in $_SERVER['REMOTE_ADDR'] is in the trusted proxy server list before using the X-Forwarded-For...

Denial Of Service (DoS)

ws is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of the Upgrade header when the number of received headers exceeds the server.maxHeadersCount or request.maxHeadersCount threshold, causing incomingMessage.headers.upgrade to not be set. Attackers can use...

Arbitrary Code Execution

dolibarr/dolibarr is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper validation of file types in the Upload Template function, allowing attackers to execute arbitrary code via uploading a crafted .SQL...

Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection

The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST...

CVE-2024-5208

An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to...

CVE-2024-5208

An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to...

CVE-2024-5208

An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to...

CVE-2023-6692

The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tab anchor metabox in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2023-6692

The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tab anchor metabox in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-5208 Uncontrolled Resource Consumption in mintplex-labs/anything-llm

An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to...

CVE-2024-5208 Uncontrolled Resource Consumption in mintplex-labs/anything-llm

An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to...

CVE-2023-6692 Ultimate Blocks – WordPress Blocks Plugin <= 3.0.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via metabox

The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tab anchor metabox in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,.....

CVE-2024-6145

Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw...

CVE-2024-6145

Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw...

Bagisto 2.1.2 Client-Side Template Injection

...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6840-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6840-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...

Thunderbird vulnerabilities

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker...

CentOS 7 : firefox (RHSA-2024:3951)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3951 advisory. If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects...