kernel: Bluetooth Forward and Future Secrecy Attacks and Defenses
A flaw was found in Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4. This issue may allow certain man-in-the-middle attacks that force a short key length and might lead to discovery of the encryption key and live...
PT-2024-22890 · Xmedcon · Xmedcon
Name of the Vulnerable Software and Affected Versions: xmedcon versions 0.23.0 Description: The issue allows an attacker to execute arbitrary code via a Buffer Overflow in libs/dicom/basic.c. Recommendations: For xmedcon version 0.23.0, update to version 0.24.0 to resolve the issue. As a temporar...
CVE-2024-24874
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in CodePeople CP Polls allows Code Injection. This issue affects CP Polls: from n/a through 1.0.71...
PT-2024-19924 · Unknown · Formidable Forms
Name of the Vulnerable Software and Affected Versions: Formidable Forms versions through 6.7 Description: The issue is related to an Improper Neutralization of Script-Related HTML Tags in a Web Page, also known as Basic XSS, allowing Code Injection in Formidable Forms. Recommendations: For versio...
The vulnerability of UEFI (BIOS) in Huawei personal computers allows a hacker to gain unauthorized access to arbitrary functions.
The vulnerability of UEFI BIOS in Huawei personal computers is related to improper control of access to the SMI handler interface. Exploiting this vulnerability can allow an attacker to gain unauthorized access to arbitrary functions...
Intel BIOS PPAM security vulnerability
Intel BIOS is a basic input-output system used by Intel Corporation (USA) to perform hardware initialization during the power-on startup phase, as well as firmware that provides runtime services to the operating system. A security vulnerability exists in the Intel BIOS PPAM firmware that stems from...
Intel BIOS Guard firmware security vulnerability
Intel BIOS is a basic input-output system used by Intel Corporation (USA) to perform hardware initialization during the power-on boot phase, as well as firmware that provides runtime services to the operating system. A security vulnerability exists in the Intel BIOS Guard firmware that stems from t...
PT-2024-29426 · WordPress · Simple Basic Contact Form
Name of the Vulnerable Software and Affected Versions: Simple Basic Contact Form plugin for WordPress versions up to and including 20221201 Description: The issue arises from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts vi...
Cross-site Scripting (XSS)
MS Basic is vulnerable to a cross-site scripting (XSS) vulnerability. The vulnerability is due to insufficient input sanitization in the search function, allowing attackers to inject malicious scripts into the search input, potentially leading to the execution of arbitrary code in the context of other...
net.mingsoft:ms-ad (=1.0.0), net.mingsoft:ms-clean (>=1.0.0 <=1.0.1) +23 more potentially affected by CVE-2024-33748 via net.mingsoft:ms-basic (>=1.0.10 <=2.1.13.1)
net.mingsoft:ms-basic MAVEN version =1.0.10, =1.0.0, =1.0.4, =1.0.0, =4.6.3-SNAPSHOTS, =1.0.0, =1.0.4, =1.0.0, =1.0.1, =1.0.1, =1.0.2 and more Source cves: CVE-2024-33748 Source advisory: OSV:GHSA-64CM-3CJ3-67HF...
MS Basic Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in the search function in Maven net.mingsoft MS Basic 2.1.13.4 and earlier...
GHSA-64CM-3CJ3-67HF MS Basic Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in the search function in Maven net.mingsoft MS Basic 2.1.13.4 and earlier...
CVE-2024-33748
Cross-site scripting (XSS) vulnerability in the search function in Maven net.mingsoft MS Basic 2.1.13.4 and earlier...
CVE-2024-33748
CVE-2024-33748 affects Maven net.mingsoft MS Basic 2.1.13.4 and earlier. The issue is a Cross-site Scripting (XSS) vulnerability in the search function caused by insufficient input sanitization in the affected product, enabling injection of script code in users’ browsers. The CVE entry reports a ...
MvnRepository MS Basic security vulnerability
MvnRepository MS Basic is an application from MvnRepository, Inc. A security vulnerability exists in MvnRepository MS Basic version 2.1.18.3 and prior versions, which stems from a cross-site scripting (XSS) vulnerability in the search function...
PT-2024-25461 · Unknown · Mvnrepository Ms Basic +1
Name of the Vulnerable Software and Affected Versions: MvnRepository MS Basic versions 2.1.18.3 and earlier; Maven net.mingsoft MS Basic versions 2.1.13.4 and earlier. Description: The issue is related to a cross-site scripting (XSS) vulnerability in the search function. This type of vulnerability...
WordPress Simple Basic Contact Form Plugin <= 20221201 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Basic Contact Form; Type: Plugin; Vulnerable versions: <= 20221201; Fixed in: 20240502; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4150; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 56d60208321f; Credits...
kernel: wifi: cfg80211: ocb: don't leave if not joined
A flaw was found in the Linux kernel's cfg80211 wireless subsystem. When handling OCB (Outside the Context of a BSS) mode, the kernel may attempt to leave an OCB network even when not joined, which could cause driver confusion or unexpected behavior. This is a logic error in state management...
RHEL 6 / 7 : rh-ruby23-ruby (RHSA-2018:0585)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0585 advisory. Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system...