6496 matches found
UBUNTU-CVE-2024-50182
In the Linux kernel, the following vulnerability has been resolved: secretmem: disable memfd_secret() if arch cannot set direct map. Return -ENOSYS from memfd_secret() syscall if !can_set_direct_map(). This is the case for example on some arm64 configurations, where marking 4k PTEs in the direct map not...
CVE-2024-50211 udf: refactor inode_bmap() to handle error
In the Linux kernel, the following vulnerability has been resolved: udf: refactor inode_bmap() to handle error. Refactor inode_bmap() to handle error since udf_next_aext() can return error now. On situations like ftruncate, udf_extend_file() can now detect errors and bail out early without resorting to checking...
CVE-2024-50182
In the Linux kernel, the following vulnerability has been resolved: secretmem: disable memfd_secret() if arch cannot set direct map. Return -ENOSYS from memfd_secret() syscall if !can_set_direct_map(). This is the case for example on some arm64 configurations, where marking 4k PTEs in the direct map not...
CVE-2024-50182 secretmem: disable memfd_secret() if arch cannot set direct map
In the Linux kernel, the following vulnerability has been resolved: secretmem: disable memfd_secret() if arch cannot set direct map. Return -ENOSYS from memfd_secret() syscall if !can_set_direct_map(). This is the case for example on some arm64 configurations, where marking 4k PTEs in the direct map not...
SUSE CVE-2024-50162
In the Linux kernel, the following vulnerability has been resolved: bpf: devmap: provide rxq after redirect. rxq contains a pointer to the device from where the redirect happened. Currently, the BPF program that was executed after a redirect via BPF_MAP_TYPE_DEVMAP does not have it set. This is...
SUSE CVE-2024-50172
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix a possible memory leak. In bnxt_re_setup_chip_ctx() when bnxt_qplib_map_db_bar() fails driver is not freeing the memory allocated for "rdev->chip_ctx"...
WordPress Location Click Map Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Location Click Map; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51844; Patch priority: Low; CVSS severity: Low (6.5); PSID: 2c5aeb1a3280; Credits: LVT-tholv2k; Required privilege...
WordPress Gboy Custom Google Map Plugin <= 1.2 is vulnerable to SQL Injection
Software: Gboy Custom Google Map; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-51882; Patch priority: Low; CVSS severity: Low (8.5); PSID: f6723f3242c3; Credits: LVT-tholv2k; Required privilege: Contributor...
WordPress IA Map Analytics Basic Plugin <= 20170413 is vulnerable to Cross Site Scripting (XSS)
Software: IA Map Analytics Basic; Type: Plugin; Vulnerable versions: <= 20170413; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51937; Patch priority: Low; CVSS severity: Low (6.5); PSID: 4ee8dd041e2f; Credits: SOPROBRO; Required privilege...
WordPress Map Store Locator Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)
Software: Map Store Locator; Type: Plugin; Vulnerable versions: <= 1.2.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51920; Patch priority: Low; CVSS severity: Low (6.5); PSID: 3bad7bf99174; Credits: SOPROBRO; Required privilege: Contributo...
The vulnerability of the DRM component in the Linux operating system allows a hacker to gain increased privileges within the system.
The vulnerability in the DRM component of the Linux operating system’s kernel is related to a use-after-free error in the drm_gem_prime_mmap() function. Exploiting this vulnerability can allow a hacker to increase their privileges within the system...
CVE-2024-50164
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEM_UNINIT's meaning. Lonial reported an issue in the BPF verifier where check_mem_size_reg() has the following code: if (!tnum_is_const(reg->var_off)) /* For unprivileged variable accesses, disable raw mode so that the...
AZL-53144 CVE-2024-50171 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: net: systemport: fix potential memory leak in bcm_sysport_xmit(). The bcm_sysport_xmit() returns NETDEV_TX_OK without freeing skb in case of dma_map_single() fails, add dev_kfree_skb() to fix it...
AZL-52989 CVE-2024-50172 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix a possible memory leak. In bnxt_re_setup_chip_ctx() when bnxt_qplib_map_db_bar() fails driver is not freeing the memory allocated for "rdev->chip_ctx"...
CVE-2024-50171 net: systemport: fix potential memory leak in bcm_sysport_xmit()
In the Linux kernel, the following vulnerability has been resolved: net: systemport: fix potential memory leak in bcm_sysport_xmit(). The bcm_sysport_xmit() returns NETDEV_TX_OK without freeing skb in case of dma_map_single() fails, add dev_kfree_skb() to fix it...
CVE-2024-10715
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all versions up to, and including, 2.94.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
PT-2024-16485 · WordPress · Mappress Maps
Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions up to, and including, 2.94.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Map block due to insufficient input sanitization and output escaping on user-supplied...
WordPress plugin MapPress Maps for WordPress cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
CVE-2024-9867
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Open Map Widget' marker_content parameter in all versions up to, and including, 5.10.2 due to insufficient input...
CVE-2024-9867 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Map Widget
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Open Map Widget' marker_content parameter in all versions up to, and including, 5.10.2 due to insufficient input...