15 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from corrupted zero-page contents that could cause a userspace program to crash...
EUVD-2021-0240
Malware in sbrugna...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proccpusetshow CVE-2024-43853 In the Linux kernel, the following vulnerability has been resolved: block: initialize integrity buffer to zero before writing it to media CVE-2024-43854 ...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-44947)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-44947 advisory. - In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page content...
fuse: Initialize beyond-EOF page contents before setting uptodate
...
SUSE CVE-2024-44947
In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fusenotifystore, unlike fusedoreadpage, does not enable page zeroing because it can be used to change partial page contents. So fusenotifystore must be more carefu...
CVE-2024-31857
Forminator prior to 1.15.4 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote attacker may obtain user information etc. and alter the page contents on the user's web browser...
PT-2024-15903 · WordPress · S2Member
Name of the Vulnerable Software and Affected Versions: s2Member plugin for WordPress versions prior to 230816 Description: The issue allows unauthenticated attackers to expose information via the API, making it possible to see the contents of posts and pages. Recommendations: For versions prior t...
CVE-2024-0906
CVE-2024-0906 concerns the WordPress plugin “f(x) Private Site.” The vulnerability allows unauthenticated attackers to access page and post contents protected by the plugin via the plugin’s API. Affected are all versions up to and including 1.2.1. The included Red Hat advisory corroborates the sa...
PT-2023-18930 · Pimcore · Pimcore
Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.21 Description: The issue allows malicious JavaScript to access all the same objects as the rest of the web page, including access to cookies and local storage, which are often used to store session...
CVE-2020-12412
By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain with the https:// scheme, a blocked port number such as '1', and without a lock icon while controlling the page contents. This vulnerability affects Firefox 70...
UBUNTU-CVE-2016-5288
Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox 49.0.2...
Android Open Source Platform (AOSP) Browser UXSS
This module exploits a Universal Cross-Site Scripting UXSS vulnerability present in all versions of Android's open source stock browser before 4.4, and Android apps running on 'Android Open Source Platform AOSP Browser UXSS', 'Description' = %q This module exploits a Universal Cross-Site Scriptin...
NetCommons cross-site scripting vulnerability
Overview NetCommons is an open source content management system, combining e-learning and groupware functionality. NetCommons is developed and distributed by the NetCommons Project. NetCommons contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's...
CVE-2007-0854
Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager WHM allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used...