3646 matches found

Debian CVE
added 2024/07/12 12:20 p.m. | 19 views

CVE-2024-40905

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible race in __fib6_drop_pcpu_from() syzbot found a race in __fib6_drop_pcpu_from() [1] If compiler reads more than once (*ppcpu_rt), second read could read NULL, if another cpu clears the value in rt6_get_pcpu_route(). Add a READ_ONCE() to...

CVSS 4.7 | AI score 6.2 | EPSS 0.0001
Exploits: 0

Patchstack
added 2024/07/09 12:33 p.m. | 3 views

WordPress Happy SCSS Compiler - Compile SCSS to CSS automatically plugin <= 1.3.10 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

WordPress Happy SCSS Compiler - Compile SCSS to CSS automatically plugin <= 1.3.10 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin SCSS Happy Compiler versions <= 1.3.10...

CVSS 5.4 | AI score 5.8 | EPSS 0.00241
Exploits: 0 | References: 1 | Affected Software: 1

ATTACKERKB
added 2024/07/09 9:15 a.m. | 1 views

CVE-2024-5600

The SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the import_settings function in all versions up to, and including, 1.3.10. This makes it possible f...

CVSS 5.4 | AI score 5.9 | EPSS 0.00241
Exploits: 0 | References: 3

Vulnrichment
added 2024/07/09 8:33 a.m. | 10 views

CVE-2024-5600 Happy SCSS Compiler - Compile SCSS to CSS automatically <= 1.3.10 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

The SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the import_settings function in all versions up to, and including, 1.3.10. This makes it possible f...

CVSS 5.4 | AI score 5.8 | EPSS 0.00241
Exploits: 0 | References: 2

Cvelist
added 2024/07/09 8:33 a.m. | 16 views

CVE-2024-5600 Happy SCSS Compiler - Compile SCSS to CSS automatically <= 1.3.10 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

The SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the import_settings function in all versions up to, and including, 1.3.10. This makes it possible f...

CVSS 5.4 | EPSS 0.00241
Exploits: 0 | References: 2

CVE
added 2024/07/09 8:33 a.m. | 47 views

CVE-2024-5600

CVE-2024-5600 concerns the WordPress plugin “SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue.” The vulnerability is a Stored Cross-Site Scripting (XSS) due to a missing capability check and insufficient sanitization in the import_settings() function. It affects all versions up to an...

CVSS 5.4 | AI score 5.3 | EPSS 0.00241
Exploits: 0 | References: 2

Patchstack
added 2024/07/09 12:00 a.m. | 7 views

WordPress SCSS Happy Compiler Plugin <= 1.3.10 is vulnerable to Cross Site Scripting (XSS)

Software: SCSS Happy Compiler; Type: Plugin; Vulnerable versions: <= 1.3.10; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5600; Patch priority: Medium; CVSS severity: Medium (6.5); Developer: Claim ownership; PSID: d155b6e3b303; Credits: Lucio Sá; Requir...

CVSS 5.4 | AI score 5.7 | EPSS 0.00241
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2024/07/09 12:00 a.m. | 2 views

WordPress plugin SCSS Happy Compiler security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 5.4 | AI score 6.3 | EPSS 0.00241
Exploits: 0 | References: 3

OSSF Malicious Packages
added 2024/07/05 8:40 a.m. | 4 views

Malicious code in compiler-wasm-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2c3e3404f77486c9124e70890333cce19382125d07dac40b2ed4b87a466c855e The OpenSSF Package Analysis project identified 'compiler-wasm-lib' @ 4.0.0 npm as malicious. It is considered malicious because: - The package...

AI score 7.1
Exploits: 0

OSV
added 2024/07/05 8:40 a.m. | 11 views

MAL-2024-7415 Malicious code in compiler-wasm-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2c3e3404f77486c9124e70890333cce19382125d07dac40b2ed4b87a466c855e The OpenSSF Package Analysis project identified 'compiler-wasm-lib' @ 4.0.0 npm as malicious. It is considered malicious because: - The package...

AI score 7.3
Exploits: 0

GithubExploit
added 2024/07/02 2:41 p.m. | 1454 views

Exploit for Race Condition in Openbsd Openssh

regreSSHion Exploit PoC Description This repository cont...

CVSS 8.1 | AI score 8.4 | EPSS 0.65792
Exploits: 68

RedHat Linux
added 2024/07/02 9:02 a.m. | 29 views

Moderate: Red Hat Security Advisory: golang security update

An update for golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 9.8 | AI score 6.9 | EPSS 0.00172
Exploits: 0 | References: 3

Tenable Nessus
added 2024/07/02 12:00 a.m. | 17 views

RHEL 9 : golang (RHSA-2024:4212)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4212 advisory. The golang packages provide the Go programming language compiler. Security Fixes: golang: archive/zip: Incorrect handling of certain ZIP fil...

CVSS 9.8 | AI score 7.5 | EPSS 0.00172
Exploits: 0 | References: 7

OSV
added 2024/07/02 12:00 a.m. | 22 views

ALSA-2024:4212 Moderate: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789); golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790). For more details about the security...

CVSS 9.8 | AI score 9.2 | EPSS 0.00172
Exploits: 0 | References: 6

BDU FSTEC
added 2024/06/28 12:00 a.m. | 0 views

The vulnerability of the Compiler component in Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK allows an attacker to trigger a service failure.

The vulnerability of the Compiler component in Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker to cause service failures...

CVSS 3.7 | AI score 6.5 | EPSS 0.00117
Exploits: 0 | References: 6 | Affected Software: 4

Tenable Nessus
added 2024/06/27 12:00 a.m. | 19 views

RHEL 9 : golang (RHSA-2024:4146)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4146 advisory. The golang packages provide the Go programming language compiler. Security Fixes: golang: net/http, x/net/http2: unlimited number of...

CVSS 7.5 | AI score 7.7 | EPSS 0.64852
Exploits: 1 | References: 6

OSSF Malicious Packages
added 2024/06/25 12:44 p.m. | 3 views

Malicious code in gcc-patch (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0

Cvelist
added 2024/06/20 11:13 a.m. | 29 views

CVE-2022-48744 net/mlx5e: Avoid field-overflowing memcpy()

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid field-overflowing memcpy() In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memcpy(), memmove(), and memset(), avoid intentionally writing across neighboring fields. Use...

EPSS 0.00012
Exploits: 0 | References: 3

OSV
added 2024/06/19 8:52 a.m. | 2 views

CLSA-2024-1718787131 gcc: Fix of CVE-2021-3826

CVE-2021-3826: fix buffer overflow in dlang_lname function to prevent denial of service...

CVSS 6.5 | AI score 7 | EPSS 0.00556
Exploits: 0 | References: 1

OSV
added 2024/06/18 9:56 p.m. | 18 views

GHSA-X4GP-PQPJ-F43Q curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`

Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in curve25519-dalek. The Scalar29::sub 32-bit and Scalar52::sub...

CVSS 2.9 | AI score 6.2 | EPSS 0.00078
Exploits: 0 | References: 5