
1209 matches found

FreeBSD
added 2023/05/10 12:0 a.m., 18 views

Gitlab -- Vulnerability

Gitlab reports: Smuggling code changes via merge requests with refs/replace...

CVSS 6.5 | AI score 7.3 | EPSS 0.01875
Exploits: 0 | References: 1

RedHat Linux
added 2023/05/09 10:4 a.m., 2 views

kernel: wifi: mac80211: fix use-after-free in chanctx code

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix use-after-free in chanctx code. In ieee80211_vif_use_reserved_context, when we have an old context and the new context's replace_state is set to IEEE80211_CHANCTX_REPLACE_NONE, we free the old context in...

CVSS 7.8 | AI score 6.3 | EPSS 0.0002
Exploits: 0 | References: 5

Patchstack
added 2023/05/09 12:0 a.m., 7 views

WordPress CM On Demand Search And Replace Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: CM On Demand Search And Replace; Type: Plugin; Vulnerable versions: <= 1.3.0; Fixed in: 1.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-28749; Patch priority: Low; CVSS severity: Low 4.3; PSID: 611848008c27; Credits: Abd...

CVSS 8.8 | AI score 6.7 | EPSS 0.00171
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2023/04/28 9:15 p.m., 9 views

CVE-2023-30858

The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the...

CVSS 7.5 | AI score 6.3 | EPSS 0.00642
Exploits: 1 | References: 3

Patchstack
added 2023/04/26 12:0 a.m., 6 views

WordPress CM On Demand Search And Replace Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software: CM On Demand Search And Replace; Type: Plugin; Vulnerable versions: <= 1.3.0; Fixed in: 1.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-31228; Patch priority: Low; CVSS severity: Low 5.9; PSID: b6d0be7508ff; Credits: Abdi...

CVSS 5.9 | AI score 6 | EPSS 0.00079
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2023/04/14 12:0 a.m., 10 views

Enable Media Replace Plugin for WordPress < 4.0.2 Arbitrary File Upload

The WordPress Enable Media Replace Plugin installed on the remote host is affected by an arbitrary file upload vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

CVSS 8.8 | AI score 7.6 | EPSS 0.01391
Exploits: 2 | References: 2

RedHat Linux
added 2023/04/04 9:56 a.m., 3 views

postgresql: Extension scripts replace objects not belonging to the extension.

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...

CVSS 8 | AI score 6.9 | EPSS 0.00973
Exploits: 0 | References: 5

OSV
added 2023/04/03 4:15 p.m., 0 views

CVE-2023-0975

A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions...

CVSS 7.8 | AI score 7.1
Exploits: 0 | References: 1

WPVulnDB
added 2023/03/28 12:0 a.m., 21 views

Easy Media Replace < 0.2.0 - Author+ File Deletion

The plugin does not validate path of files to be deleted, which could allow users with a role of Author and above to delete files with an allowed extension...

AI score 6.7 | EPSS 0.00086
Exploits: 0 | Affected Software: 1

Patchstack
added 2023/03/28 12:0 a.m., 5 views

WordPress Easy Media Replace Plugin <= 0.1.3 is vulnerable to Arbitrary File Deletion

Software: Easy Media Replace; Type: Plugin; Vulnerable versions: <= 0.1.3; Fixed in: 0.2.0; OWASP Top 10: A5: Broken Access Control; Classification: Arbitrary File Deletion; CVE: CVE-2022-46850; Patch priority: Medium; CVSS severity: Medium 8.7; PSID: 321ee0c96fa7; Credits: Jeong Seong Ho...

CVSS 8.7 | AI score 6.4 | EPSS 0.00086
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2023/03/10 9:15 p.m., 0 views

CVE-2023-25146

A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note...

CVSS 7.8 | AI score 6.1
Exploits: 0 | References: 2

SUSE CVE
added 2023/02/15 6:16 a.m., 1 views

SUSE CVE-2006-0038

Integer overflow in the do_replace function in netfilter for Linux before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buffer overflow in the copy_from_user function...

CVSS 6.9 | AI score 7.1 | EPSS 0.00091
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 6:13 a.m., 3 views

SUSE CVE-2007-0911

Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash)...

CVSS 7.8 | AI score 6.9 | EPSS 0.11594
Exploits: 1 | References: 4

SUSE CVE
added 2023/02/15 6:9 a.m., 1 views

SUSE CVE-2008-1066

The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string...

CVSS 7.5 | AI score 7.1 | EPSS 0.01496
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 6:8 a.m., 1 views

SUSE CVE-2008-2726

Integer overflow in (1) the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg +...

CVSS 7.8 | AI score 7.7 | EPSS 0.02611
Exploits: 1 | References: 5

SUSE CVE
added 2023/02/15 6:8 a.m., 2 views

SUSE CVE-2008-2725

Integer overflow in (1) the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the...

CVSS 7.8 | AI score 7.8 | EPSS 0.02495
Exploits: 1 | References: 5

SUSE CVE
added 2023/02/15 6:5 a.m., 1 views

SUSE CVE-2009-0071

Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3)...

CVSS 2.6 | AI score 6.6 | EPSS 0.10859
Exploits: 2 | References: 3

SUSE CVE
added 2023/02/15 5:55 a.m., 2 views

SUSE CVE-2011-0083

Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execut...

CVSS 10 | AI score 9.2 | EPSS 0.03433
Exploits: 0 | References: 8

SUSE CVE
added 2023/02/15 5:54 a.m., 2 views

SUSE CVE-2011-1011

The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to...

CVSS 6.9 | AI score 6.7 | EPSS 0.00044
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 5:53 a.m., 1 views

SUSE CVE-2011-1148

Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments...

CVSS 7.5 | AI score 7.4 | EPSS 0.02455
Exploits: 1 | References: 3