CVE-2024-41603
The CVE-2024-41603 entry applies to Spina CMS v2.18.0, where a Cross-Site Request Forgery (CSRF) vulnerability exists through the /admin/layout endpoint. The issue is described as a CSRF in the admin layout API, with CVSS v3.1 metrics: Network attack, low complexity, no privileges, user interacti...
PT-2024-29460 · Spina Cms · Spina Cms
Name of the Vulnerable Software and Affected Versions: Spina CMS version 2.18.0. Description: A Cross-Site Request Forgery (CSRF) issue was found in Spina CMS. The issue is related to the API endpoint "/admin/layout". Recommendations: For Spina CMS version 2.18.0, as a temporary workaround, consider...
CVE-2024-6164
The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Local File Inclusion via the postlayout parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files...
PT-2024-37424 · WordPress · Filter & Grids
Name of the Vulnerable Software and Affected Versions: The Filter & Grids WordPress plugin versions prior to 2.8.33. Description: The issue allows an unauthenticated attacker to include and execute PHP files on the server via the post layout parameter, enabling the execution of any PHP code in tho...
CVE-2024-41009
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf. The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer counter to show which...
CVE-2024-41009 bpf: Fix overrunning reservations in ringbuf
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf. The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer counter to show which...
CVE-2024-41009
CVE-2024-41009 concerns the Linux kernel BPF ring buffer (MAP_TYPE_RINGBUF). The issue arose from the ringbuf memory layout allowing a second chunk to overlap the first when producer/consumer counters were manipulated, enabling edits to a header by a BPF program and potentially triggering a crash...
CVE-2024-41009 bpf: Fix overrunning reservations in ringbuf
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf. The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer counter to show which...
The vulnerability of the 3D model texturing program Adobe Substance 3D Designer, related to reading data beyond the buffer in memory, allows attackers to bypass the ASLR protection and gain unauthorized access to protected information.
The vulnerability of the 3D model texturing program Adobe Substance 3D Designer relates to reading data outside the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to bypass the ASLR protection and gain unauthorized access to protected information using a speciall...
CVE-2024-34140
Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a...
CVE-2024-21730 [20240702] - Core - Self-XSS in fancyselect list field layout
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector...
CVE-2024-21730
CVE-2024-21730 describes a self-XSS in Joomla! core tied to the fancyselect list field layout, where inputs are not properly escaped. The vulnerability enables a self-XSS vector and requires user interaction for exploitation (per CVSS: UI:R, I:L, C:L). Reports consistently identify this as part o...
SUSE CVE-2024-26482
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecti...
Joomla! Security Vulnerabilities
Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! that stems from a list field layout that does not properly escape input, which can lead to a cross-site scripting (XSS) vulnerability...
Malicious code in sap.ui.layout (npm)
MAL-2024-2597 Malicious code in @panel-layout/layout (npm)
The vulnerability of Adobe Audition relates to performing operations beyond buffer boundaries in memory. This allows attackers to disclose protected information and bypass the ASLR protection mechanism.
The vulnerability of Adobe Audition is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to disclose protected information and bypass the ASLR protection mechanism...
CVE-2024-4626
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layouttype’ and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2024-4223 · Adobe · Media Encoder
Name of the Vulnerable Software and Affected Versions: Adobe Media Encoder versions 23.6.5, 24.3 and earlier. Description: The issue is related to an out-of-bounds read vulnerability in the Adobe Media Encoder application, which could allow an attacker to disclose sensitive memory information. Thi...
Joomla core 4.0.0-4.4.5,5.0.0-5.1.1 - Authenticated Self-XSS in fancyselect list field layout vulnerability
Authenticated Self-XSS in fancyselect list field layout vulnerability discovered by ? in WordPress Core Joomla versions 4.0.0-4.4.5,5.0.0-5.1.1...