Multiple Themes - Reflected Cross-Site Scripting via Customizer Notify

The qualitycustomizernotifydismissaction and ticustomizernotifydismissrecommendedplugins AJAX actions names can differ depending on the theme, available to authenticated users in multiple themes do not validate or escape the id parameter before outputting it back in the response, leading to...

CLSA-2022-1643727522 Fix of CVE: CVE-2021-35942, CVE-2021-27645, CVE-2021-33574

CVE-2021-27645: nscd: Fix double free in netgroupcache 1927877 - CVE-2021-33574: Deep copy pthread attribute in mqnotify 1966472 - CVE-2021-35942: wordexp: handle overflow in positional parameter number 1979127 - librt: fix NULL pointer dereference 1966472...

CVE-2021-46118

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKitdoSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code...

CVE-2021-46117

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKitdoSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code...

Jpress 代码注入漏洞

Jpress is a set of blogging platform developed in Java language by Jpress team. A security vulnerability exists in jpress that originates from remote code execution via io.jpress.module.article.kit.ArticleNotifyKit...

FreeSWITCH 安全漏洞

FreeSWITCH is a free, open-source communications software program developed by Anthony Minessale, an individual developer in the United States. The software can be used to create audio, video, and SMS products and applications. A security vulnerability exists in SignalWire freeswitch, which stems...

CVE-2020-19954

An XML External Entity XXE vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files...

Xxe

An XML External Entity XXE vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files...

PT-2021-14727 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins Git Plugin versions 4.8.2 and earlier Description: The issue arises from the failure to escape Git SHA-1 checksum parameters provided to commit notifications when displayed in a build cause, resulting in a stored cross-site scripting...

samba: Missing handle permissions check in SMB1/2/3 ChangeNotify

A flaw was found in the way Samba handled file and directory permissions. This flaw allows an authenticated user to gain access to certain file and directory information, which otherwise would be unavailable. The highest threat from this vulnerability is to confidentiality...

ISC BIND Information Disclosure Vulnerability (CVE-2017-3142) - Windows

ISC BIND is prone to an information disclosure vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

The vulnerability of the `notifyProfileAdded` and `notifyProfileRemoved` functions in the Android operating system allows a hacker to disclose protected information.

The vulnerability of the notifyProfileAdded and notifyProfileRemoved functions in the SipService.java file of the Android operating system is related to authentication errors. Exploiting this vulnerability can allow attackers to disclose sensitive information that is protected by these functions...

In librt in the GNU C Library (aka glibc) through 2.34 sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.

...

The vulnerability of the `sysdeps/unix/sysv/linux/mq_notify.c` component in the glibc library allows a attacker to cause a service failure.

The vulnerability of the sysdeps/unix/sysv/linux/mqnotify.c component of the glibc library is related to the handling of zero pointers. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

CVE-2021-35392

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or miniupnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present due to unsafe...

Realtek Jungle SDK 缓冲区错误漏洞

The Realtek Jungle SDK provides an HTTP web server that exposes a management interface that can be used to configure access points. A security vulnerability exists in the Realtek Jungle SDK, which stems from the fact that Realtek Jungle SDK versions v2.x through v3.4.14B provide a "WiFi Simple...

AZL-6442 CVE-2021-38604 affecting package glibc for versions less than 2.35-1

In librt in the GNU C Library aka glibc through 2.34, sysdeps/unix/sysv/linux/mqnotify.c mishandles certain NOTIFYREMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix...

UBUNTU-CVE-2021-38604

In librt in the GNU C Library aka glibc through 2.34, sysdeps/unix/sysv/linux/mqnotify.c mishandles certain NOTIFYREMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix...

GNU C Library 代码问题漏洞

The GNU C Library glibc, libc6 is an open-source, free C language compiler released under the LGPL license. A security vulnerability exists in the GNU C Library aka glibc version 2.34 and earlier versions of librt, which stems from sysdeps/unix/sysv/linux/mqnotify.c incorrectly handling certain...

WordPress Ad Blocker Notify Lite plugin <= 2.4.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by iohex and WPScanTeam in WordPress Ad Blocker Notify Lite plugin versions = 2.4.0. Solution 2021-08-25 - no patched version is available. Deactivate and delete...