18 matches found
Server-side Request Forgery (SSRF)
astro: Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the inferSize option, which fetches remote images at render time to determine their dimensions. An...
EUVD-2020-1503
Malware in sbrugna...
GSD-2022-1001074 ath11k: mhi: use mhi_sync_power_up()
ath11k: mhi: use mhi_sync_power_up() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.3 by commit 646d533af2911be1184eaee8c900b7eb8ecc4396. For...
GSD-2022-1001053 mt76: mt7915: fix injected MPDU transmission to not use HW A-MSDU
mt76: mt7915: fix injected MPDU transmission to not use HW A-MSDU This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.3 by commit...
GSD-2022-1001051 iavf: stop leaking iavf_status as "errno" values
iavf: stop leaking iavf_status as "errno" values This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.3 by commit...
GSD-2022-1001041 netfilter: conntrack: revisit gc autotuning
netfilter: conntrack: revisit gc autotuning This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.3 by commit...
GSD-2022-1001030 x86/Kconfig: Do not allow CONFIG_X86_X32_ABI=y with llvm-objcopy
x86/Kconfig: Do not allow CONFIG_X86_X32_ABI=y with llvm-objcopy This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.3 by commit...
GSD-2022-1001016 IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition
IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.3 by commit...
GSD-2022-1001004 mm/mremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
mm/mremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0) This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.3 by commit...
CVE-2021-24973
The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsraction AJAX action, which is available to unauthenticated and any authenticated users, allowing them to perform Cross-Site Scripting attacks against logged-in admins viewing the Tool dashboard...
GHSA-9652-78HP-W58C Stored cross-site scripting in PressBooks
PressBooks 5.17.3 contains a cross-site scripting (XSS) vulnerability. Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the book's page will result in triggering the stored XSS...
Oscar Arzola PressBooks Cross-Site Scripting Vulnerability
Oscar Arzola PressBooks is an application by the individual developer Oscar Arzola in China. It provides a book content management system. PressBooks has a cross-site scripting vulnerability in version 5.17.3. The vulnerability can be triggered by submitting a long book description to the platform ...
Cross site scripting
PressBooks 5.17.3 contains a cross-site scripting (XSS) vulnerability. Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the book's page will result in triggering the stored XSS...
CVE-2020-26296
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega is an npm package. In Vega before version 5.17.3 there is an XSS vulnerability in Vega expressions. Through a specially crafted Vega expression, an attacker could execut...
Format string
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega is an npm package. In Vega before version 5.17.3 there is an XSS vulnerability in Vega expressions. Through a specially crafted Vega expression, an attacker could execut...
CVE-2020-26296 XSS in Vega
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega is an npm package. In Vega before version 5.17.3 there is an XSS vulnerability in Vega expressions. Through a specially crafted Vega expression, an attacker could execut...
GHSA-R2QC-W64X-6J54 XSS in Vega
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega is an npm package. In Vega before version 5.17.3 there is an XSS vulnerability in Vega expressions. Through a specially crafted Vega expression, an attacker could execut...
Vega cross-site scripting vulnerability
Vega is JavaScript-based software from the Vega team that can be used to create interactive visual displays. The software can use the JSON format to describe the data visualization and use HTML5 Canvas or SVG to generate interactive views. A cross-site scripting vulnerability exists in Vega versions...