PT-2024-34972 · Unknown · Kiran Patil Location Click Map
Name of the Vulnerable Software and Affected Versions: Kiran Patil Location Click Map versions n/a through 1.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS in Kiran Patil Location...
WordPress Contact Page With Google Map plugin <= 1.6.1 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by Mika (Patchstack Alliance) in WordPress Plugin Contact Page With Google Map versions <= 1.6.1...
xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
A flaw was found in the X.org server. Due to improperly tracked allocation size in XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org serv...
WordPress Contact Page With Google Map Plugin <= 1.6.1 is vulnerable to Arbitrary File Deletion
Software: Contact Page With Google Map; Type: Plugin; Vulnerable versions: <= 1.6.1; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Deletion; CVE: CVE-2024-52447; Patch priority: High; CVSS severity: High (8.6); PSID: 5441375409ba; Credits: Mika; Required...
LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints
Summary: The application fails to sanitize inputs properly and renders code from user input in the browser, which allows an attacker to execute malicious JavaScript code. Details: A user with the Admin role can edit the Display Name of a device; the application did not properly sanitize the user input i...
The vulnerability of the xhci kernel component in Linux operating systems allows a hacker to trigger a service failure.
The vulnerability of the xhci component in Linux operating systems is related to the assignment of the NULL pointer in the xhci_map_temp_buffer function. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2024-50971
A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the mapid parameter...
CVE-2024-21540
Rejected reason: This issue is not a vulnerability because no real attack scenario can happen...
CVE-2024-21540
CVE-2024-21540: Directory Traversal in the retrieveSourceMap function of the source-map-support package. Affected IBM products (as per IBM security bulletins) include Instana/Process Mining and IBM Event Processing components, with multiple builds affected. Root cause: improper handling of pathna...
itsourcecode Construction Management System SQL Injection Vulnerability
itsourcecode Construction Management System is a construction management system from itsourcecode, Inc. A security vulnerability exists in itsourcecode Construction Management System version 1.0, which stems from a SQL injection vulnerability that allows remote attackers to execute arbitrary SQL...
PT-2024-34481 · Unknown · Itsourcecode Construction Management System
Name of the Vulnerable Software and Affected Versions: Itsourcecode Construction Management System version 1.0 Description: A SQL injection issue in the print.php file allows remote attackers to execute arbitrary SQL commands via the map id parameter. This enables attackers to potentially extract...
Identifier Withdrawn
npm Source Map Support is a library from npm USA. This CVE number has been withdrawn...
kernel: hwmon: (coretemp) Fix out-of-bounds memory access
In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) Fix out-of-bounds memory access. Fix a bug that pdata->cpu_map[] is set before out-of-bounds check. The problem might be triggered on systems with more than 128 cores per package...
kernel: bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers
In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers. These three bpf_map_{lookup,update,delete}_elem() helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program,...
kernel: usb: xhci: Add error handling in xhci_map_urb_for_dma
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Add error handling in xhci_map_urb_for_dma. The Linux kernel CVE team has assigned CVE-2024-26964 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050130-CVE-2024-26964-54c8@gregkh/T...
kernel: tracing: Ensure visibility when inserting an element into tracing_map
In the Linux kernel, the following vulnerability has been resolved: tracing: Ensure visibility when inserting an element into tracing_map. The Linux kernel CVE team has assigned CVE-2024-26645 to this issue. Upstream advisory:...