Lucene search
2341 matches found

OSV
added 2023/01/11 3:15 p.m., 5 views

AZL-35293 CVE-2022-4415 affecting package systemd-bootstrap for versions less than 250.3-15

A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting...

CVSS 5.5 | AI score 6.5 | EPSS 0.00867
Exploits: 1 | References: 1

Patchstack
added 2023/01/03 12:0 a.m., 15 views

WordPress CPT Bootstrap Carousel Plugin <= 1.12 is vulnerable to Cross Site Scripting (XSS)

Software: CPT Bootstrap Carousel | Type: Plugin | Vulnerable versions: <= 1.12 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2022-4834 | Patch priority: Medium | CVSS severity: Medium (6.5) | Developer: Claim ownership | PSID: 49016ec732ce | Credits: István Márton...

CVSS 5.4 | AI score 5.6 | EPSS 0.00534
Exploits: 2 | References: 2 | Affected Software: 1

wpexploit
added 2023/01/03 12:0 a.m., 408 views

CPT Bootstrap Carousel <= 1.12 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Note: First y...

CVSS 5.4 | AI score 1.6 | EPSS 0.00534
Exploits: 2

CNNVD
added 2023/01/02 12:0 a.m., 7 views

SUSE SAP HANA platform bootstrap Salt formula security vulnerability

The SUSE SAP HANA platform bootstrap Salt formula is a Salt formula from SUSE Germany. It is used to bootstrap and manage multiple SAP HANA platform environments. A security vulnerability exists in the SUSE SAP HANA platform bootstrap Salt formula, which can be exploited by an attacker to bypass...

CVSS 7.8 | AI score 7.3 | EPSS 0.00223
Exploits: 1 | References: 3

wpexploit
added 2022/12/24 12:0 a.m., 146 views

Easy Bootstrap Shortcode <= 4.5.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Insert thi...

CVSS 5.4 | AI score 1 | EPSS 0.00471
Exploits: 2

WPVulnDB
added 2022/12/24 12:0 a.m., 11 views

Easy Bootstrap Shortcode <= 4.5.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC 1. Insert...

CVSS 5.4 | AI score 1.9 | EPSS 0.00471
Exploits: 2 | Affected Software: 1

Chainguard
added 2022/12/23 12:30 a.m., 13 views

GHSA-R9HX-VWMV-Q579 vulnerabilities

Vulnerabilities for packages: pytorch-cuda12, pytorch-cuda-11.8...

AI score 5.8
Exploits: 0

Chainguard
added 2022/12/23 12:15 a.m., 27 views

CVE-2022-40897 vulnerabilities

Vulnerabilities for packages: pytorch-cuda12, pytorch-cuda-11.8...

CVSS 5.9 | AI score 6.8 | EPSS 0.02617
Exploits: 1

NVD
added 2022/12/14 9:15 a.m., 22 views

CVE-2022-3073

Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the user's browser...

CVSS 6.1 | EPSS 0.00454
Exploits: 0 | References: 1

Prion
added 2022/12/14 9:15 a.m., 20 views

Input validation

Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the user's browser...

CVSS 5.8 | AI score 6.5 | EPSS 0.00454
Exploits: 0 | References: 1 | Affected Software: 4

CNNVD
added 2022/12/14 12:0 a.m., 3 views

Bootstrap cross-site scripting vulnerability

Bootstrap is an open source web front-end framework developed using HTML, CSS and JavaScript. A cross-site scripting vulnerability exists in Bootstrap 2019 v2, 2021 v1, 2022 v1, 2022 SP1 v1, and prior versions, which stems from the Quanos "SCHEMA ST4" sample web template being vulnerable to...

CVSS 6.1 | AI score 5.9 | EPSS 0.00454
Exploits: 0 | References: 2

RedHat Linux
added 2022/12/07 8:27 p.m., 56 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack 16.1.9 (python-XStatic-Bootstrap-SCSS) security update

An update for python-XStatic-Bootstrap-SCSS is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which give...

CVSS 6.1 | AI score 6.5 | EPSS 0.1686
Exploits: 1 | References: 2

RedHat Linux
added 2022/12/07 7:19 p.m., 10 views

bootstrap: XSS in the tooltip or popover data-template attribute

A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or JavaScript into the rendered page when tooltip or popover events fired...

CVSS 6.1 | AI score 6.5 | EPSS 0.1686
Exploits: 1 | References: 4

RedHat Linux
added 2022/11/28 2:39 p.m., 4 views

bootstrap: XSS in the tooltip or popover data-template attribute

A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or JavaScript into the rendered page when tooltip or popover events fired...

CVSS 6.1 | AI score 6.5 | EPSS 0.1686
Exploits: 1 | References: 4

OSV
added 2022/11/23 11:15 p.m., 3 views

AZL-41470 CVE-2022-45873 affecting package systemd-bootstrap for versions less than 250.3-17

systemd 250 and 251 allow local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested...

CVSS 5.5 | AI score 6.4 | EPSS 0.00254
Exploits: 0 | References: 1

OSV
added 2022/11/08 10:15 p.m., 4 views

AZL-41659 CVE-2022-3821 affecting package systemd-bootstrap for versions less than 250.3-17

An off-by-one error was discovered in systemd in the format_timespan function of time-util.c. An attacker could supply specific values for time and accuracy that lead to a buffer overrun in format_timespan, leading to a Denial of Service...

CVSS 5.5 | AI score 7.5 | EPSS 0.00422
Exploits: 1 | References: 1

Packet Storm
added 2022/10/31 12:0 a.m., 256 views

Ecommerce CodeIgniter Bootstrap 1.0 Cross Site Scripting

Title: Ecommerce-CodeIgniter-Bootstrap-1.0 Cross-site scripting reflected RCE | Author: nu11secur1ty | Date: 10.29.2022 | Vendor: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap | Software: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/archive/refs/heads/master.zip...

AI score 0.4
Exploits: 0

Patchstack
added 2022/10/28 12:0 a.m., 14 views

WordPress WP Bootstrap Gallery plugin <= 1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress WP Bootstrap Gallery plugin versions <= 1.1. Solution: No patched version is available. No reply from the vendor...

AI score 4
Exploits: 0 | Affected Software: 1

Oracle linux
added 2022/09/15 12:0 a.m., 44 views

nodejs:14 security and bug fix update

nodejs 1:14.20.0-2 - Replace with macros with RPM conditionals - Unify configure calls into single command - Refactor bootstrap-related parts - Decouple dependency bundling from bootstrapping - Resolves: RHBZ2111417 1:14.20.0-1 - Rebase to latest version - Resolves: RHBZ2106367 - CVE fixes for...

CVSS 8.1 | AI score 0.8 | EPSS 0.77278
Exploits: 3

AlmaLinux
added 2022/09/13 12:0 a.m., 32 views

Moderate: nodejs:14 security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: DNS rebinding in --inspect via invalid IP addresses CVE-2022-32212 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encodi...

CVSS 8.1 | AI score 7.4 | EPSS 0.77278
Exploits: 3 | References: 12