43 matches found
CVE-2024-13550
The ABC Notation plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.1.3 via the 'file' attribute of the 'abcjs' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files...
PT-2025-2216 · WordPress · Abc Notation
Name of the Vulnerable Software and Affected Versions: ABC Notation plugin for WordPress versions up to, and including, 6.1.3 Description: The issue allows authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain...
CVE-2024-44148
This issue was addressed with improved validation of file attributes. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox...
PT-2024-30984 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15 Description: The issue allows an app to potentially break out of its sandbox due to inadequate validation of file attributes. This has been addressed with improved validation. Recommendations: For versions prior to...
kernel: NFSv4: Fix memory leak in nfs4_set_security_label
A vulnerability was found in nfs4_set_security_label in the Linux kernel, where the function fails to free the nfs_fattr attribute before exiting, leaving said memory allocation present. As nfs4_set_security_label is called repeatedly over time, this may lead to memory exhaustion...
CVE-2023-40261
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR02 fails to validate file attributes during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's har...
Apache OFBiz Server-Side Request Forgery Vulnerability
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation in the United States. The system provides a set of Java-based web application components and tools. Apache OFBiz suffers from a server-side request forgery vulnerability that can be exploited by an attacker ...
AlmaLinux 8 : opensc (ALSA-2020:4483)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2020:4483 advisory. - OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. (CVE-2019-15945) - OpenSC before...
Security update for opensc (moderate)
openSUSE Security Update: Security update for opensc Announcement ID: openSUSE-SU-2021:0565-1 Rating: moderate References: 1149746 1149747 1158256 1158307 1170809 1177364 1177378 1177380 Cross-References: CVE-2019-15945 CVE-2019-15946 CVE-2019-19479 CVE-2019-19480 CVE-2019-20792 CVE-2020-26570...
NewStart CGSL MAIN 6.02 : opensc Multiple Vulnerabilities (NS-SA-2021-0080)
The remote NewStart CGSL host, running version MAIN 6.02, has opensc packages installed that are affected by multiple vulnerabilities: - OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. (CVE-2019-15946) - OpenSC before 0.20.0-rc1...
opensc: Incorrect read operation during parsing of a SETCOS file attribute
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute...
Debian DLA-2046-1 : opensc security update
An issue was discovered in libopensc/card-setcos.c in OpenSC, which has an incorrect read operation during parsing of a SETCOS file attribute. For Debian 8 'Jessie', this problem has been fixed in version 0.16.0-3+deb8u2. We recommend that you upgrade your opensc packages. NOTE: Tenable Network...
[SECURITY] [DLA 2046-1] opensc security update
Package : opensc Version : 0.16.0-3+deb8u2 CVE ID : CVE-2019-19479 An issue was discovered in libopensc/card-setcos.c in OpenSC, which has an incorrect read operation during parsing of a SETCOS file attribute. For Debian 8 "Jessie", this problem has been fixed in version 0.16.0-3+deb8u2. We...
CVE-2019-19479
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute...
SiteServer CMS 3.5 background upload WEBSHELL-vulnerability warning-the black bar safety net
Version number: SiteServer CMS 3.5. Background: upload a single GIF-format Trojan. Then, through the site's file management, modify the file name; you can change the picture Trojan horse to the .aspx format. Version number: SiteServer CMS 3.5 http://demo2.siteserver.cn/siteserver/login.aspx Account:...
kernel security and bug fix update
2.6.9-89.31.1.0.1.EL - XEN fix cpu hotplug crash Joe Jin orabug 7521308 - XEN Bring up vcpus before khelper init Joe Jin orabug 7521308 - XEN flush the tlb cache immediately Dave McCracken, Scott Shi orabug 9138767 - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug...
kernel security and bug fix update
2.6.9-89.0.26.0.1.EL - XEN fix cpu hotplug crash Joe Jin orabug 7521308 - XEN Bring up vcpus before khelper init Joe Jin orabug 7521308 - XEN flush the tlb cache immediately Dave McCracken, Scott Shi orabug 9138767 - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug...