6492 matches found
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Tracing: A overflow issue in getfreeelt has been fixed. The variable tracingmap-nextelt is at risk of overflowing. Once it overflows, new elements can still be inserted into the tracingmap, even though the maximum number of...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: systemport: a potential memory leak has been fixed in bcmsysportxmit. The function bcmsysportxmit returns NETDEVTXOK without freeing the skb in case of a failure in dmamapsingle. Add devkfreeskb to address this issue...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: sockmap: Added a condresched function in sockhashfree. Several reports of syzbot soft lockups involve sockhashfree. If a map with a large number of buckets is destroyed, we need to yield the CPU when necessary...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: drivers/virt/acrn: Fixed the PFNMAP PTE checks in acrnvmrammap. The patch series “mm: Improvements to followpte and fixes for acrn followpte”. Patch 1 fixes a number of issues I identified in the acrn driver. It’s just compile...
GHSA-67MH-4WV8-2F99 esbuild enables any website to send any requests to the development server and read the response
Summary esbuild allows any websites to send any request to the development server and read the response due to default CORS settings. Details esbuild sets Access-Control-Allow-Origin: header to all requests, including the SSE connection, which allows any websites to send any request to the...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-26947)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26947 advisory. - In the Linux kernel, the following vulnerability has been resolved: ARM: 9359/1: flush: check if the...
CVE-2025-23594
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Uzzal Mondal Google Map With Fancybox location-piker allows Reflected XSS.This issue affects Google Map With Fancybox: from n/a through = 2.1.0...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: hold iobufferlist reference over mmap If we look up the kbuf, ensure that it doesn't get unregistered until after we're done with it. Since we're inside mmap, we cannot safely use the iouring lock. Rely on the fact...
CVE-2025-23913
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in pankajpragma WordPress Google Map Professional google-map-professional allows SQL Injection.This issue affects WordPress Google Map Professional: from n/a through = 1.0...
CVE-2022-47591
Reflected Cross-Site Scripting XSS vulnerability in Mickael Austoni Map Multi Marker plugin = 3.2.1 versions...
Security Bulletin: Vulnerability in source-map-support affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in all versions of the package source-map-suppor has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-21540...
CVE-2024-52447
Path Traversal: '.../...//' vulnerability in corporatezen222 Contact Page With Google Map contact-page-with-google-map allows Path Traversal.This issue affects Contact Page With Google Map: from n/a through = 1.6.1...
DEBIAN-CVE-2023-52924
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: don't skip expired elements during walk There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map "1.2.3.4 : jump foo" 2. timeouts are enabl...
CVE-2024-56267
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in html5maps Interactive UK Map interactive-uk-map allows Stored XSS.This issue affects Interactive UK Map: from n/a through = 3.4.8...
CVE-2023-52924 netfilter: nf_tables: don't skip expired elements during walk
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: don't skip expired elements during walk There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map "1.2.3.4 : jump foo" 2. timeouts are enabl...
CVE-2024-49606
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DotsquaresLtd Google Map Locations google-map-locations allows Reflected XSS.This issue affects Google Map Locations: from n/a through = 1.0...
CVE-2024-51882
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in gopalkumar315 Gboy Custom Google Map gboy-custom-google-map allows Blind SQL Injection.This issue affects Gboy Custom Google Map: from n/a through = 1.2...
CVE-2024-31116
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web 10Web Map Builder for Google Maps.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.74...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: sched: schmultiq: fix possible OOB write in multiqtune CVE-2024-36978 In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized...
CVE-2024-13593
The BMLT Meeting Map plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.0 via the 'bmltmeetingmap' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on th...