15 matches found

Tenable Nessus
added 2025/09/30 12:0 a.m. · 1 view

NewStart CGSL MAIN 6.06 : e2fsprogs Multiple Vulnerabilities (NS-SA-2025-0221)

The remote NewStart CGSL host, running version MAIN 6.06, has e2fsprogs packages installed that are affected by multiple vulnerabilities: - Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafte...

CVSS 5.8 · AI score 9 · EPSS 0.02986 · Exploits 0 · References 5
RedhatCVE
added 2025/02/05 3:51 a.m. · 4 views

CVE-2024-27934

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.36.2 and prior to version 1.40.3, use of inherently unsafe *const c_void and ExternalPointer leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Use of inherently unsafe...

CVSS 8.8 · AI score 7.9 · EPSS 0.00293 · Exploits 1 · References 1
NVD
added 2024/05/05 7:15 p.m. · 16 views

CVE-2024-34507

An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges%1b0000000...

CVSS 7.4 · AI score 6.8 · EPSS 0.00442 · Exploits 1 · References 3
OSV
added 2024/05/05 7:15 p.m. · 1 view

DEBIAN-CVE-2024-34506

An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the...

CVSS 7.5 · AI score 6.2 · EPSS 0.00171 · Exploits 1 · References 1
UbuntuCve
added 2024/05/05 7:15 p.m. · 22 views

CVE-2024-34507

An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges%1b0000000...

CVSS 7.4 · AI score 6.7 · EPSS 0.00442 · Exploits 1 · References 4
Vulnrichment
added 2024/05/05 12:0 a.m. · 24 views

CVE-2024-34507

An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges%1b0000000...

AI score 6 · EPSS 0.00442 · Exploits 1 · References 2
Debian CVE
added 2024/05/05 12:0 a.m. · 20 views

CVE-2024-34507

An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges%1b0000000...

CVSS 7.4 · AI score 6 · EPSS 0.00442 · Exploits 1
CVE
added 2024/05/05 12:0 a.m. · 57 views

CVE-2024-34507

MediaWiki suffers an XSS vulnerability in CommentFormatter/CommentParser.php. Affected are MediaWiki core versions before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1, due to mishandling of the 0x1b character (examples: Special:RecentChanges#%1b0000000). Impact is client-side script exe...

CVSS 7.4 · AI score 5.6 · EPSS 0.00442 · Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2024/04/24 12:0 a.m. · 3 views

PT-2024-24877 · Woocommerce · Superfaktura Woocommerce

Name of the Vulnerable Software and Affected Versions: SuperFaktura WooCommerce versions 1.40.3 and earlier. Description: A Server-Side Request Forgery (SSRF) issue has been identified. This allows an attacker to trick the server into making requests to arbitrary domains, potentially leading to...

CVSS 6.4 · AI score 7 · EPSS 0.00086 · Exploits 0 · References 3
NVD
added 2024/03/21 2:52 a.m. · 7 views

CVE-2024-27934

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.36.2 and prior to version 1.40.3, use of inherently unsafe *const c_void and ExternalPointer leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Use of inherently unsafe...

CVSS 8.8 · AI score 8.8 · EPSS 0.00293 · Exploits 1 · References 1
NVD
added 2024/03/21 2:52 a.m. · 10 views

CVE-2024-27932

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An aut...

CVSS 4.6 · AI score 4.7 · EPSS 0.00467 · Exploits 1 · References 3
Positive Technologies
added 2024/03/06 12:0 a.m. · 3 views

PT-2024-22148 · Deno · Deno

Name of the Vulnerable Software and Affected Versions: Deno versions 1.36.2 through 1.40.3. Description: The issue arises from the use of inherently unsafe *const c_void and ExternalPointer which leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. An...

CVSS 8.8 · AI score 8 · EPSS 0.00293 · Exploits 1 · References 6
Positive Technologies
added 2024/03/06 12:0 a.m. · 3 views

PT-2024-22146 · Deno · Deno

Name of the Vulnerable Software and Affected Versions: Deno versions 1.8.0 through 1.40.3. Description: Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An auth token...

CVSS 4.6 · AI score 7.3 · EPSS 0.00467 · Exploits 1 · References 8
Positive Technologies
added 2024/02/24 12:0 a.m. · 2 views

PT-2024-18280 · WordPress · Superfaktura Woocommerce Plugin

Name of the Vulnerable Software and Affected Versions: SuperFaktura WooCommerce plugin for WordPress versions up to, and including, 1.40.3. Description: The issue allows authenticated attackers with subscriber-level access and above to make web requests to arbitrary locations originating from the...

CVSS 8.1 · AI score 6.3 · EPSS 0.00337 · Exploits 0 · References 7
CNNVD
added 2024/02/05 12:0 a.m. · 3 views

WordPress plugin EditorsKit Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 7.2 · AI score 6.9 · EPSS 0.07607 · Exploits 0 · References 4