Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to the go compiler ( CVE-2021-33197 )
Summary: Golang compiler is used by IBM Cloud Pak for Data to build various binaries. CVE-2021-33197. Vulnerability Details: CVEID: CVE-2021-33197. DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the ReverseProxy in net/http/httputil. By sendi...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to go compiler ( CVE-2022-29804, CVE-2022-30580, CVE-2022-30629, CVE-2022-30634 )
Summary: Golang compiler is used by IBM Cloud Pak for Data to build various binaries. CVE-2022-29804, CVE-2022-30580, CVE-2022-30629, CVE-2022-30634. Vulnerability Details: CVEID: CVE-2022-29804. DESCRIPTION: Golang Go could allow a local attacker to bypass security restrictions, caused by a flaw in t...
CVE-2024-40953
In the Linux kernel, the following vulnerability has been resolved: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin(). Use {READ,WRITE}_ONCE() to access kvm->last_boosted_vcpu to ensure the loads and stores are atomic. In the extremely unlikely scenario the compiler tears the stores, it's...
CVE-2024-40905
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible race in __fib6_drop_pcpu_from(). syzbot found a race in __fib6_drop_pcpu_from() [1]. If compiler reads more than once (*ppcpu_rt), second read could read NULL, if another cpu clears the value in rt6_get_pcpu_route(). Add a READ_ONCE() to...
golang security update
An update is available for golang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The golang packages provide the Go programming language compiler. Security...
DEBIAN-CVE-2024-40974
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Enforce hcall result buffer validity and size. plpar_hcall(), plpar_hcall9(), and related functions expect callers to provide valid result buffers of certain minimum size. Currently this is communicated only through...
CVE-2024-40974
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Enforce hcall result buffer validity and size. plpar_hcall(), plpar_hcall9(), and related functions expect callers to provide valid result buffers of certain minimum size. Currently this is communicated only through...
CVE-2024-40905 ipv6: fix possible race in __fib6_drop_pcpu_from()
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible race in __fib6_drop_pcpu_from(). syzbot found a race in __fib6_drop_pcpu_from() [1]. If compiler reads more than once (*ppcpu_rt), second read could read NULL, if another cpu clears the value in rt6_get_pcpu_route(). Add a READ_ONCE() to...
WordPress Happy SCSS Compiler - Compile SCSS to CSS automatically plugin <= 1.3.10 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
WordPress Happy SCSS Compiler - Compile SCSS to CSS automatically plugin <= 1.3.10 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin SCSS Happy Compiler (versions <= 1.3.10)...
CVE-2024-5600
The SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the import_settings() function in all versions up to, and including, 1.3.10. This makes it possible f...
CVE-2024-5600 Happy SCSS Compiler - Compile SCSS to CSS automatically <= 1.3.10 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the import_settings() function in all versions up to, and including, 1.3.10. This makes it possible f...
CVE-2024-5600
CVE-2024-5600 concerns the WordPress plugin “SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue.” The vulnerability is a Stored Cross-Site Scripting (XSS) due to a missing capability check and insufficient sanitization in the import_settings() function. It affects all versions up to an...
WordPress SCSS Happy Compiler Plugin <= 1.3.10 is vulnerable to Cross Site Scripting (XSS)
Software: SCSS Happy Compiler; Type: Plugin; Vulnerable versions: <= 1.3.10; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5600; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: d155b6e3b303; Credits: Lucio Sá; Requir...
WordPress plugin SCSS Happy Compiler security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
Malicious code in compiler-wasm-lib (npm)
Source: ossf-package-analysis (2c3e3404f77486c9124e70890333cce19382125d07dac40b2ed4b87a466c855e). The OpenSSF Package Analysis project identified 'compiler-wasm-lib' @ 4.0.0 (npm) as malicious. It is considered malicious because: - The package...