Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close. The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete so any code past that point risks touching...
CVE-2024-34567 WordPress Easy Notify Lite plugin <= 1.1.29 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Popup Builder allows Stored XSS. This issue affects Popup Builder: from n/a through 1.1.29...
WordPress Easy Notify Lite plugin <= 1.1.29 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Rayhan Ramdhany Hanaputra (Patchstack Alliance) in WordPress Plugin Popup Builder (versions <= 1.1.29)...
SUSE CVE-2024-27400
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: once more fix the call order in amdgpu_ttm_move v2. This reverts drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap. The basic problem here is that after the move the old location is simply not available a...
SUSE CVE-2024-32650
Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client sends a close_notify message immediately after client_hello, the server's complete_io will get in an infinite...
DEBIAN-CVE-2024-32650
Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client sends a close_notify message immediately after client_hello, the server's complete_io will get in an infinite...
`rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input
If a close_notify alert is received during a handshake, complete_io does not terminate. Callers which do not call complete_io are not affected. rustls-tokio and rustls-ffi do not call complete_io and are not affected. rustls::Stream and rustls::StreamOwned types use complete_io and are affected...
SUSE CVE-2024-26852
In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6_route_mpath_notify. syzbot found another use-after-free in ip6_route_mpath_notify 1 Commit f7225172f25a "net/ipv6: prevent use after free in ip6_route_mpath_notify" was not able to fix the root cause. We...
Rustls security vulnerability
Rustls is a modern TLS library in Rust open-sourced by Rustls. A security vulnerability exists in Rustls versions prior to 0.23.5, 0.22.4, and 0.21.11, which stems from an infinite loop in the server's complete_io if a client sends a close_notify message immediately after client_hello when using a...
PT-2024-24744
Name of the Vulnerable Software and Affected Versions: rustls versions prior to 0.21.11, rustls versions prior to 0.22.4, rustls versions prior to 0.23.5. Description: The `rustls::ConnectionCommon::complete_io` function could fall into an infinite loop based on network input. When using a blocking rust...
DEBIAN-CVE-2024-26852
In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6_route_mpath_notify. syzbot found another use-after-free in ip6_route_mpath_notify 1 Commit f7225172f25a "net/ipv6: prevent use after free in ip6_route_mpath_notify" was not able to fix the root cause. We...
CVE-2024-32455 WordPress Fatal Error Notify plugin <= 1.5.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Very Good Plugins Fatal Error Notify. This issue affects Fatal Error Notify: from n/a through 1.5.2...
CVE-2024-32455
The CVE-2024-32455 entry refers to WordPress plugin Fatal Error Notify, vulnerable in versions
WordPress Plugin Fatal Error Notify security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-24586 · Very Good Plugins · Fatal Error Notify
Name of the Vulnerable Software and Affected Versions: Very Good Plugins Fatal Error Notify versions 1.5.2 and earlier Description: The issue is related to a Missing Authorization vulnerability. This means that there is a lack of proper authorization checks, potentially allowing unauthorized acce...
WordPress Fatal Error Notify plugin <= 1.5.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress Plugin Fatal Error Notify (versions <= 1.5.2)...
WordPress Fatal Error Notify Plugin <= 1.5.2 is vulnerable to Broken Access Control
Software: Fatal Error Notify. Type: Plugin. Vulnerable versions: <= 1.5.2. Fixed in: 1.5.3. OWASP Top 10: A1: Broken Access Control. Classification: Broken Access Control. CVE: CVE-2024-32455. Patch priority: Low. CVSS severity: Low (4.3). Developer: Claim ownership. PSID: 6f9eea9e690c. Credits: Abdi Pranata. Required...
CVE-2024-23735
Cross Site Scripting (XSS) vulnerability in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify before 4.0.0 for Confluence allows attackers to manipulate user data via specially crafted certificate...