Scalance X302-7 Eec (2x 230v, Coated) Security Vulnerabilities

CVE-2021-47580

In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix type in min_t to avoid stack OOB Change min_t() to use type "u32" instead of type "int" to avoid stack out of bounds. With min_t() type "int" the values get sign extended and the larger value gets used...

CVE-2021-47580

In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix type in min_t to avoid stack OOB Change min_t() to use type "u32" instead of type "int" to avoid stack out of bounds. With min_t() type "int" the values get sign extended and the larger value gets used...

TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option

Impact A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditable_regexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor. Patches This...

TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option

Impact A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditable_regexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor. Patches This...

TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements

Impact A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. Patches This vulnerability has been patched in TinyMCE 7.2.0,.....

TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements

Impact A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. Patches This vulnerability has been patched in TinyMCE 7.2.0,.....

CVE-2024-34444 WordPress Slider Revolution plugin < 6.7.0 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a before...

CVE-2024-34444 WordPress Slider Revolution plugin < 6.7.0 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a before...

CVE-2021-47595 net/sched: sch_ets: don't remove idle classes from the round-robin list

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1) tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 2)...

CVE-2021-47595 net/sched: sch_ets: don't remove idle classes from the round-robin list

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1) tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 2)...

CVE-2021-47592 net: stmmac: fix tc flower deletion for VLAN priority Rx steering

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1) Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress $ tc qdisc add dev...

CVE-2021-47592 net: stmmac: fix tc flower deletion for VLAN priority Rx steering

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1) Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress $ tc qdisc add dev...

CVE-2024-34443 WordPress Slider Revolution plugin < 6.7.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution allows Stored XSS.This issue affects Slider Revolution: from n/a before...

CVE-2024-34443 WordPress Slider Revolution plugin < 6.7.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution allows Stored XSS.This issue affects Slider Revolution: from n/a before...

CVE-2021-47580 scsi: scsi_debug: Fix type in min_t to avoid stack OOB

In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix type in min_t to avoid stack OOB Change min_t() to use type "u32" instead of type "int" to avoid stack out of bounds. With min_t() type "int" the values get sign extended and the larger value gets used...

CVE-2021-47580 scsi: scsi_debug: Fix type in min_t to avoid stack OOB

In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix type in min_t to avoid stack OOB Change min_t() to use type "u32" instead of type "int" to avoid stack out of bounds. With min_t() type "int" the values get sign extended and the larger value gets used...

CVE-2023-39312 WordPress Avada theme <= 7.11.1 - Auth. Unrestricted Zip Extraction vulnerability

Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through...

CVE-2023-39312 WordPress Avada theme <= 7.11.1 - Auth. Unrestricted Zip Extraction vulnerability

Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through...

CVE-2024-38598

In the Linux kernel, the following vulnerability has been resolved: md: fix resync softlockup when bitmap size is less than array size Is is reported that for dm-raid10, lvextend + lvchange --syncaction will trigger following softlockup: kernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s!...

CVE-2024-38598

In the Linux kernel, the following vulnerability has been resolved: md: fix resync softlockup when bitmap size is less than array size Is is reported that for dm-raid10, lvextend + lvchange --syncaction will trigger following softlockup: kernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s!...

CVE-2024-38598

In the Linux kernel, the following vulnerability has been resolved: md: fix resync softlockup when bitmap size is less than array size Is is reported that for dm-raid10, lvextend + lvchange --syncaction will trigger following softlockup: kernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s!...

CVE-2024-38539

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw When running blktests nvme/rdma, the following kmemleak issue will appear. kmemleak: Kernel memory leak detector initialized (mempool available:36041).....

CVE-2024-38539

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw When running blktests nvme/rdma, the following kmemleak issue will appear. kmemleak: Kernel memory leak detector initialized (mempool available:36041).....

CVE-2024-38539

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw When running blktests nvme/rdma, the following kmemleak issue will appear. kmemleak: Kernel memory leak detector initialized (mempool...

CVE-2024-23443

A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...

CVE-2024-23443

A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...

CVE-2023-36684

Missing Authorization vulnerability in Brainstorm Force Convert Pro.This issue affects Convert Pro: from n/a through...

CVE-2023-36683

Missing Authorization vulnerability in WP SCHEMA PRO Schema Pro.This issue affects Schema Pro: from n/a through...

CVE-2023-36684

Missing Authorization vulnerability in Brainstorm Force Convert Pro.This issue affects Convert Pro: from n/a through...

CVE-2023-36683

Missing Authorization vulnerability in WP SCHEMA PRO Schema Pro.This issue affects Schema Pro: from n/a through...

CVE-2023-36683 WordPress Schema Pro plugin <= 2.7.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP SCHEMA PRO Schema Pro.This issue affects Schema Pro: from n/a through...

CVE-2023-36683 WordPress Schema Pro plugin <= 2.7.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP SCHEMA PRO Schema Pro.This issue affects Schema Pro: from n/a through...

CVE-2023-36684 WordPress Convert Pro plugin <= 1.7.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brainstorm Force Convert Pro.This issue affects Convert Pro: from n/a through...

CVE-2023-36684 WordPress Convert Pro plugin <= 1.7.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brainstorm Force Convert Pro.This issue affects Convert Pro: from n/a through...

CVE-2024-23443

A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...

CVE-2024-23443

A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...

CVE-2024-38598 md: fix resync softlockup when bitmap size is less than array size

In the Linux kernel, the following vulnerability has been resolved: md: fix resync softlockup when bitmap size is less than array size Is is reported that for dm-raid10, lvextend + lvchange --syncaction will trigger following softlockup: kernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s!...

CVE-2024-38539 RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw When running blktests nvme/rdma, the following kmemleak issue will appear. kmemleak: Kernel memory leak detector initialized (mempool available:36041).....

CVE-2023-39922

Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through...

CVE-2023-39922

Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through...

CVE-2023-35049

Missing Authorization vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through...

CVE-2023-35049

Missing Authorization vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through...

CVE-2023-36512

Missing Authorization vulnerability in Woo AutomateWoo.This issue affects AutomateWoo: from n/a through...

CVE-2023-36512

Missing Authorization vulnerability in Woo AutomateWoo.This issue affects AutomateWoo: from n/a through...

CVE-2023-36512 WordPress AutomateWoo plugin <= 5.7.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo AutomateWoo.This issue affects AutomateWoo: from n/a through...

CVE-2023-36512 WordPress AutomateWoo plugin <= 5.7.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo AutomateWoo.This issue affects AutomateWoo: from n/a through...

CVE-2023-35049 WordPress WooCommerce Stripe Payment Gateway plugin <= 7.4.0 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through...

CVE-2023-39922 WordPress Avada theme <= 7.11.1 - Authenticated Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through...

CVE-2023-46148

Missing Authorization vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through...

CVE-2023-47681

Missing Authorization vulnerability in QuadLayers WooCommerce Checkout Manager.This issue affects WooCommerce Checkout Manager: from n/a through...