3779 matches found
WordPress Guten Post Layout plugin <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via align Attribute vulnerability discovered by Francesco Carlucci in WordPress Plugin Guten Post Layout versions <= 1.2.4...
CVE-2024-8288
CVE-2024-8288 – Guten Post Layout (WordPress): Stored Cross-Site Scripting via the align attribute in the Gutenberg block wp:guten-post-layout/post-grid, affecting all versions up to 1.2.4. The root cause is insufficient input sanitization and output escaping, enabling an authenticated attacker ...
CVE-2024-8288 Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute
The Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:guten-post-layout/post-grid' Gutenberg block in all versions up to, and including, 1.2.4 due to insufficient...
Google Chrome < 129.0.6668.89 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 129.0.6668.89. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_10_stable-channel-update-for-desktop advisory. - This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests...
WordPress plugin Guten Post Layout cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site scripting...
WordPress Guten Post Layout Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)
Software: Guten Post Layout; Type: Plugin; Vulnerable versions: <= 1.2.4; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8288; Patch priority: Low; CVSS severity: Low (6.5); PSID: 0bbd252985fb; Credits: Francesco Carlucci...
PT-2024-38916 · WordPress · The Guten Post Layout
Name of the Vulnerable Software and Affected Versions: The Guten Post Layout – An Advanced Post Grid Collection for WordPress versions up to, and including, 1.2.4 Description: The issue is related to Stored Cross-Site Scripting via the align attribute within the 'wp:guten-post-layout/post-grid'...
MAL-2024-9042 Malicious code in o-layout (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b6d737f5ee09d703e74c23a6e240e943dacba7722152cb737b6e67feeda7bfeb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in o-layout (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b6d737f5ee09d703e74c23a6e240e943dacba7722152cb737b6e67feeda7bfeb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
kernel: NFSv4/pnfs: Fix a use-after-free bug in open
In the Linux kernel, the following vulnerability has been resolved: NFSv4/pnfs: Fix a use-after-free bug in open If someone cancels the open RPC call, then we must not try to free either the open slot or the layoutget operation arguments, since they are likely still in use by the hung RPC call...
kernel: x86: stop playing stack games in profile_pc()
In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profile_pc(). The 'profile_pc()' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack layout...
The vulnerability in the Adobe Media Encoder application relates to the execution of operations beyond the buffer boundaries in memory, allowing an attacker to circumvent the ASLR protection mechanism.
The vulnerability of the Adobe Media Encoder application relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to bypass the ASLR protection mechanism by using a specially created malicious file...
PT-2024-6710 · Google +3 · Google Chrome +3
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 129.0.6668.89 Description: The issue is related to an integer overflow in the Layout component of Google Chrome, which can lead to heap corruption. This can be exploited by a remote attacker using a crafted HTM...
PT-2024-30259 · Rws · Rws Multitrans
Name of the Vulnerable Software and Affected Versions: RWS MultiTrans versions 7.0.23324.2 and earlier Description: The issue allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent e-mail. Recommendations: For RWS MultiTrans...
Vulnerability of the H5O__layout_decode() function in the H5Olayout.c file of the HDF5 library, which allows an attacker to cause a service failure.
The vulnerability of the H5O__layout_decode() function in the H5Olayout.c file of the HDF5 library involves reading data beyond the memory bounds. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the H5O__layout_encode() function in the H5Olayout.c file of the HDF5 library allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the H5O__layout_encode() function in the H5Olayout.c file of the HDF5 library is related to buffer overflow in the queue. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
CVE-2024-45111
Illustrator versions 28.6, 27.9.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a...
CVE-2024-39385
Premiere Pro versions 24.5, 23.6.8 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim...
SUSE CVE-2024-45030
In the Linux kernel, the following vulnerability has been resolved: igb: cope with large MAX_SKB_FRAGS. Sabrina reports that the igb driver does not cope well with large MAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payload corruption on TX. An easy reproducer is to run ssh to connect to the...
The vulnerability of Adobe InDesign’s computer layout automation tool, related to the execution of operations beyond buffer boundaries in memory, allows attackers to bypass the ASLR protection mechanism and gain unauthorized access to protected information.
The vulnerability of Adobe InDesign’s computer layout automation tool is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to bypass the ASLR protection mechanism and gain unauthorized access to protected informati...