1037 matches found

CNNVD
added 2024/07/29 12:0 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that under certain circumstances, the nvme command may exhaust all of adminq's labels if it issues...

CVSS 5.5 · AI score 7 · EPSS 0.00226
Exploits 0 · References 3

Github Security Blog
added 2024/07/22 6:31 a.m. · 13 views

Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places

Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission...

CVSS 6.1 · AI score 6.8 · EPSS 0.00297
Exploits 0 · References 5 · Affected Software 1

OSV
added 2024/07/22 6:31 a.m. · 10 views

GHSA-3WMX-48G3-X66G Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places

Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission...

CVSS 4.8 · AI score 5 · EPSS 0.00297
Exploits 0 · References 5

OSV
added 2024/07/22 6:15 a.m. · 13 views

CVE-2024-41709

Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission...

CVSS 4.8 · AI score 6.7
Exploits 0 · References 1

Vulnrichment
added 2024/07/22 12:0 a.m. · 14 views

CVE-2024-41709

Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission...

AI score 6.8 · EPSS 0.00297
Exploits 0 · References 1

Cvelist
added 2024/07/22 12:0 a.m. · 19 views

CVE-2024-41709

Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission...

EPSS 0.00297
Exploits 0 · References 1

CVE
added 2024/07/22 12:0 a.m. · 57 views

CVE-2024-41709

Backdrop CMS contains an input sanitization flaw in field labels that is triggered when rendering in certain UI paths. Affected versions are 1.27.3 and 1.28.x prior to 1.28.2; exploitation requires a user with the administer fields permission. Remediation: upgrade to Backdrop CMS 1.27.3 or 1.28.2...

CVSS 6.1 · AI score 7 · EPSS 0.00297
Exploits 0 · References 1 · Affected Software 1

NVD
added 2024/07/04 1:15 p.m. · 40 views

CVE-2024-6506

Information exposure vulnerability in the MRW plugin, in its 5.4.3 version, affecting the "mrwlog" functionality. This vulnerability could allow a remote attacker to obtain other customers' order information and access sensitive information such as name and phone number. This vulnerability also...

CVSS 8.2 · EPSS 0.00502
Exploits 0 · References 1

Vulnrichment
added 2024/07/04 12:52 p.m. · 9 views

CVE-2024-6506 Information exposure vulnerability in the MRW plug-in

Information exposure vulnerability in the MRW plugin, in its 5.4.3 version, affecting the "mrwlog" functionality. This vulnerability could allow a remote attacker to obtain other customers' order information and access sensitive information such as name and phone number. This vulnerability also...

CVSS 8.2 · AI score 6.5 · EPSS 0.00502
Exploits 0 · References 1

CVE
added 2024/07/04 12:52 p.m. · 44 views

CVE-2024-6506

CVE-2024-6506 affects MRW plugin version 5.4.3, specifically the mrw_log functionality. The exposed data includes other customers’ order information and sensitive fields such as names and phone numbers, with an ability to create or overwrite shipping labels. The CVSSv3.1 base score is 8.2 (HIGH) ...

CVSS 8.2 · AI score 7.9 · EPSS 0.00502
Exploits 0 · References 1

Cvelist
added 2024/07/04 12:52 p.m. · 33 views

CVE-2024-6506 Information exposure vulnerability in the MRW plug-in

Information exposure vulnerability in the MRW plugin, in its 5.4.3 version, affecting the "mrwlog" functionality. This vulnerability could allow a remote attacker to obtain other customers' order information and access sensitive information such as name and phone number. This vulnerability also...

CVSS 8.2 · EPSS 0.00502
Exploits 0 · References 1

Positive Technologies
added 2024/07/04 12:0 a.m. · 3 views

PT-2024-37676 · Unknown · Mrw Plugin

Name of the Vulnerable Software and Affected Versions: MRW plugin version 5.4.3 Description: The issue is an information exposure vulnerability affecting the "mrw log" functionality. This could allow a remote attacker to obtain other customers' order information and access sensitive information...

CVSS 8.2 · AI score 6.8 · EPSS 0.00502
Exploits 0 · References 8

OSV
added 2024/07/01 11:17 a.m. · 21 views

BIT-HUBBLE-UI-BACKEND-2023-39347

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels...

CVSS 9 · AI score 8.2 · EPSS 0.0046
Exploits 1 · References 2

OSV
added 2024/07/01 11:17 a.m. · 14 views

BIT-HUBBLE-UI-2023-39347

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels...

CVSS 9 · AI score 8.2 · EPSS 0.0046
Exploits 1 · References 2

OSV
added 2024/07/01 11:12 a.m. · 15 views

BIT-CILIUM-PROXY-2023-39347

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels...

CVSS 9 · AI score 8.2 · EPSS 0.0046
Exploits 1 · References 2

OSSF Malicious Packages
added 2024/06/25 12:58 p.m. · 3 views

Malicious code in remove-pr-labels (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0

OSV
added 2024/06/25 12:58 p.m. · 3 views

MAL-2024-2957 Malicious code in remove-pr-labels (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits 0

ATTACKERKB
added 2024/06/20 12:15 p.m. · 5 views

CVE-2022-48724

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping(). After commit e3beca48a45b "irqdomain/treewide: Keep firmware node unconditionally allocated". For tear down scenario, fn is only freed after fail to allocate irdomai...

CVSS 5.5 · AI score 6.1 · EPSS 0.00236
Exploits 0 · References 8 · Affected Software 1

OSV
added 2024/06/08 4:15 p.m. · 3 views

CVE-2024-35675

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Cross-Site Scripting (XSS). This issue affects Advanced Woo Labels: from n/a through 1.93...

CVSS 5.4 · AI score 5.8 · EPSS 0.00254
Exploits 0 · References 1

NVD
added 2024/06/08 4:15 p.m. · 26 views

CVE-2024-35675

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Cross-Site Scripting (XSS). This issue affects Advanced Woo Labels: from n/a through 1.93...

CVSS 6.5 · EPSS 0.00254
Exploits 0 · References 1