36104 matches found
BELL-CVE-2024-46806
Bulletin has no description...
Mozilla: Information disclosure on password cancel endpoint
The password reset cancellation process disclosed the user's IP address in the email sent to the user upon cancellation. This information disclosure vulnerability was exploited to obtain the IP address of a user by tricking them into submitting the password reset cancellation request...
CVE-2024-7491 HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woofmessengerremovesubscr AJAX action due to missing validation on the 'key' user controlled key. This makes it...
CVE-2024-7491
The CVE-2024-7491 entry concerns HUSKY – Products Filter Professional for WooCommerce for WordPress. It is an Insecure Direct Object Reference via the woof_messenger_remove_subscr AJAX action, caused by missing validation on the user-controlled key. Affected versions are up to and including 1.3.6...
WordPress plugin HUSKY 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
kernel: wifi: iwlwifi: mvm: don't read past the mfuart notifcation
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't read past the mfuart notifcation In case the firmware sends a notification that claims it has more data than it has, we will read past that was allocated for the notification. Remove the print of the...
kernel: wifi: iwlwifi: mvm: don't read past the mfuart notifcation
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't read past the mfuart notifcation In case the firmware sends a notification that claims it has more data than it has, we will read past that was allocated for the notification. Remove the print of the...
CVE-2024-42861
An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted PdelayReq message to the time synchronization function...
SUSE CVE-2024-8388
Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the...
CVE-2024-47059
When logging in with the correct username and incorrect weak password, the user receives the notification, that their password is too weak. However when an incorrect username is provided alongside with a weak password, the application responds with ’Invalid credentials’ notification. This...
CVE-2024-46979
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to notification filters of any user by using a URL such as...
CVE-2024-46978
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start loosing...
CVE-2024-46978
CVE-2024-46978 concerns XWiki Platform. Public documentation confirms a vulnerability where an attacker who knows another user’s notification filter ID can enable/disable or delete that filter, potentially causing the target to miss page notifications. Root cause: insufficient privilege checks wh...
CVE-2024-46978 Missing checks for notification filter preferences editions in XWiki Platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start loosing...
CVE-2024-46978 Missing checks for notification filter preferences editions in XWiki Platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start loosing...
CVE-2024-46978 Missing checks for notification filter preferences editions in XWiki Platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start loosing...
CVE-2024-46979 Data leak of notification filters of users in XWiki Platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to notification filters of any user by using a URL such as...
CVE-2024-46979 Data leak of notification filters of users in XWiki Platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to notification filters of any user by using a URL such as...
CVE-2024-46979 Data leak of notification filters of users in XWiki Platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to notification filters of any user by using a URL such as...
CVE-2024-46979
CVE-2024-46979 affects XWiki Platform (all versions since 13.2-rc-1). The issue allows access to any user’s notification filters via a URL like /bin/get/XWiki/Notifications/Code/NotificationFilterPreferenceLivetableResults, revealing data that is largely references/public but could be combined wi...