
1007 matches found

UbuntuCve
added 2024/09/02 6:15 p.m. · 17 views

CVE-2024-45306

Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop ...

CVSS 5.5 · AI score 6.2 · EPSS 0.0005
Exploits: 0 · References: 4

OSV
added 2024/09/02 6:15 p.m. · 0 views

UBUNTU-CVE-2024-45306

Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop ...

CVSS 5.5 · AI score 6.1 · EPSS 0.0005
Exploits: 0 · References: 5

Cvelist
added 2024/09/02 4:35 p.m. · 17 views

CVE-2024-45306 heap-buffer-overflow in Vim

Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop ...

CVSS 4.5 · EPSS 0.0005
Exploits: 0 · References: 3

Debian CVE
added 2024/09/02 4:35 p.m. · 10 views

CVE-2024-45306

Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop ...

CVSS 5.5 · AI score 5 · EPSS 0.0005
Exploits: 0

OSV
added 2024/09/02 4:35 p.m. · 16 views

CVE-2024-45306 heap-buffer-overflow in Vim

Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop ...

CVSS 4.5 · AI score 4.3 · EPSS 0.0005
Exploits: 0 · References: 6

Positive Technologies
added 2024/09/02 12:0 a.m. · 3 views

PT-2024-31559 · Vim +5 · Vim +5

Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.1.0707 Description: Vim is an open source, command line text editor. A change in how the cursor position is calculated, made in patch v9.1.0038, removed a loop that verified the cursor position always points inside a...

CVSS 5.5 · AI score 5.1 · EPSS 0.00124
Exploits: 1 · References: 75

OSV
added 2024/08/26 11:15 a.m. · 1 views

UBUNTU-CVE-2024-43914

In the Linux kernel, the following vulnerability has been resolved: md/raid5: avoid BUG_ON() while continue reshape after reassembling Currently, mdadm support --revert-reshape to abort the reshape while reassembling, as the test 07revert-grow. However, following BUG_ON() can be triggered by the test:...

CVSS 5.5 · AI score 6.2 · EPSS 0.00026
Exploits: 0 · References: 32

Vulnrichment
added 2024/08/26 10:11 a.m. · 13 views

CVE-2024-43914 md/raid5: avoid BUG_ON() while continue reshape after reassembling

In the Linux kernel, the following vulnerability has been resolved: md/raid5: avoid BUG_ON() while continue reshape after reassembling Currently, mdadm support --revert-reshape to abort the reshape while reassembling, as the test 07revert-grow. However, following BUG_ON() can be triggered by the test:...

AI score 7 · EPSS 0.00026
Exploits: 0 · References: 8

CNNVD
added 2024/08/15 12:0 a.m. · 1 views

SourceCodester Online Graduate Tracer System cross-site scripting vulnerability

SourceCodester Online Graduate Tracer System is a web-based application project developed by SourceCodester using PHP and MySQL database. Its main purpose is to provide a platform for a school to track their alumni and generate graphical reports on alumni status. A cross-site scripting...

CVSS 5.4 · AI score 4.4 · EPSS 0.00091
Exploits: 1 · References: 5

CVE
added 2024/08/13 6:12 p.m. · 48 views

CVE-2024-7570

CVE-2024-7570 affects Ivanti ITSM on-prem and Neurons for ITSM (versions 2023.4 and earlier). The root cause is improper certificate validation, enabling a remote attacker in a network-positioned MITM to craft a token that grants access to ITSM as any user. The vulnerability is rated HIGH on both...

CVSS 8.3 · AI score 7.1 · EPSS 0.01829
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/08/13 6:12 p.m. · 16 views

CVE-2024-7570

Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user...

CVSS 8.3 · EPSS 0.01829
Exploits: 0 · References: 1

NVD
added 2024/08/13 8:15 a.m. · 10 views

CVE-2024-41681

A vulnerability has been identified in Location Intelligence family All versions V4.4. The web server of affected products is configured to support weak ciphers by default. This could allow an unauthenticated attacker in an on-path position to read and modify any data passed over the connectio...

CVSS 7.5 · EPSS 0.00201
Exploits: 0 · References: 1

OSV
added 2024/07/21 1:15 p.m. · 3 views

CVE-2024-6954

A vulnerability was found in SourceCodester Record Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file sort1.php. The manipulation of the argument position leads to cross site scripting. The attack can be launched...

CVSS 6.1 · AI score 3.8
Exploits: 0 · References: 4

Positive Technologies
added 2024/07/21 12:0 a.m. · 2 views

PT-2024-37993 · Sourcecodester · Sourcecodester Record Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Record Management System version 1.0 Description: A vulnerability was found in the SourceCodester Record Management System, affecting an unknown functionality of the file sort1.php. The manipulation of the position argument lea...

CVSS 6.1 · AI score 6.9 · EPSS 0.00129
Exploits: 1 · References: 7

OSV
added 2024/07/18 12:6 a.m. · 6 views

OSV-2024-662 Security exception in com.github.javaparser.CommentsInserter.insertComments

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70313 Crash type: Security exception Crash state: com.github.javaparser.CommentsInserter.insertComments java.base/java.util.Objects.equals com.github.javaparser.Position.equals...

AI score 7.1
Exploits: 0 · References: 1

NVD
added 2024/07/17 5:15 p.m. · 19 views

CVE-2024-20395

A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such ...

CVSS 7.3 · EPSS 0.00206
Exploits: 0 · References: 1

CVE
added 2024/07/17 4:32 p.m. · 89 views

CVE-2024-20395

Cisco Webex App contains a vulnerability in the media retrieval functionality that could allow an unauthenticated, adjacent attacker to access sensitive session information by intercepting insecurely transmitted requests for embedded media. The root cause is insecure transmission of requests to b...

CVSS 7.3 · AI score 6.5 · EPSS 0.00206
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/07/17 4:32 p.m. · 16 views

CVE-2024-20395

A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such ...

CVSS 6.4 · EPSS 0.00206
Exploits: 0 · References: 1

CNNVD
added 2024/07/09 12:0 a.m. · 2 views

WordPress plugin Cliengo - Chatbot security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin... WordPress plugin Cliengo ...

CVSS 6.5 · AI score 6.3 · EPSS 0.00151
Exploits: 0 · References: 4

Positive Technologies
added 2024/07/09 12:0 a.m. · 2 views

PT-2024-37297 · WordPress · Cliengo – Chatbot

Name of the Vulnerable Software and Affected Versions: The Cliengo – Chatbot plugin for WordPress versions up to, and including, 3.0.1 Description: The issue arises from a missing capability check on the update chatbot token and update chatbot position functions, allowing unauthorized modificatio...

CVSS 6.5 · AI score 6.8 · EPSS 0.00151
Exploits: 0 · References: 7