140 matches found
CVE-2024-22146
CVE-2024-22146 affects the WordPress plugin Schema & Structured Data for WP & AMP (Magazine3) — versions up to and including 1.25. The root cause is improper input neutralization during web page generation, enabling Stored XSS. A fix exists in version 1.26. Public exploitation details are not pro...
CVE-2024-22146 WordPress Schema & Structured Data for WP & AMP Plugin <= 1.25 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS. This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25...
WordPress plugin Schema & Structured Data for WP & AMP cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress Schema & Structured Data for WP & AMP Plugin <= 1.25 is vulnerable to Cross Site Scripting (XSS)
Software: Schema & Structured Data for WP & AMP; Type: Plugin; Vulnerable versions: <= 1.25; Fixed in: 1.26; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-22146; Patch priority: Low; CVSS severity: Low (6.5); PSID: 017c71c1dfc3; Credits: LVT-tholv2k; Requir...
WordPress Schema & Structured Data for WP & AMP Plugin <= 1.23 is vulnerable to Cross Site Scripting (XSS)
Software: Schema & Structured Data for WP & AMP; Type: Plugin; Vulnerable versions: <= 1.23; Fixed in: 1.24; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-51677; Patch priority: Low; CVSS severity: Low (6.5); PSID: c9c204c67d47; Credits: LVT-tholv2k; Requir...
Schema App Structured Data < 1.22.4 - Missing Authorization via page_init
Description: The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the page_init function in versions up to, and including, 1.22.3. This makes it possible for unauthenticated attackers to delete the plugin's transients...
How to Protect Against Data Lake Hacking
Data lakes, or centralized repositories for large-scale data, are a popular solution for data storage, and there are good reasons for that. Data lakes are flexible and cost-effective, as they allow many object formats and multiple query engines, and there is no need to manage or pay for resources...
WordPress Schema App Structured Data Plugin <= 1.23.1 is vulnerable to Broken Access Control
Software: Schema App Structured Data; Type: Plugin; Vulnerable versions: <= 1.23.1; Fixed in: 1.23.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-44258; Patch priority: Low; CVSS severity: Low (5.3); PSID: 9ad22840c42c; Credits: Rio Darmawan...
iperf3: memory allocation hazard and crash
An integer overflow flaw was found in the way iperf3 dynamically allocates memory buffers for JSON-formatted messages. A remote attacker could send a specially crafted sequence of bytes on the iperf3 control channel with a specified JSON message length of 0xffffffff to trigger an integer overflow...
The vulnerability of the SetClientInfoDemo.php script in D-Link DIR-868L router software allows a hacker to execute any command they desire.
The vulnerability of the SetClientInfoDemo.php script in the D-Link DIR-868L router microprogramming software exists due to the failure to take measures to neutralize the special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute...
[SECURITY] Fedora 36 Update: syslog-ng-3.35.1-4.fc36
syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, databases (SQL and NoSQL alike) and more. Key features: receive and send RFC3164 and RFC5424 style syslog messages; work with any kind of unstructured data; receive and...
[SECURITY] Fedora 37 Update: protobuf-3.19.6-1.fc37
Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data...
ALSA-2022:7464 Moderate: protobuf security update
The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data. Security Fixes: protobuf: Incorrect...
The vulnerability of the encode_structured_data method in the PyPI eth-account package allows an attacker to cause a service failure.
The vulnerability of the encode_structured_data method in the PyPI package eth-account is related to incorrect data input used as a condition for loop execution. Exploiting this vulnerability could allow an attacker to cause service failures...
CVE-2022-1930
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method...
Security feature bypass
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method...
eth_account security vulnerability
eth_account is an ethereum account generator. A security vulnerability exists in versions of eth_account prior to 0.5.9, which can be exploited by an attacker to trigger an exponential ReDoS in the eth-account PyPI package when providing arbitrary input to the encode_structured_data method...
PT-2022-4437 · Pypi · Eth-Account
Name of the Vulnerable Software and Affected Versions: eth-account (affected versions not specified). Description: The issue is related to an exponential ReDoS (Regular Expression Denial of Service) that can be triggered in the eth-account PyPI package. This occurs when an attacker is able to supply...
Fedora: Security Advisory for golang-starlark (FEDORA-2022-3e1ade35db)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 35 Update: golang-starlark-0-0.7.20210113gite81fc95.fc35
Starlark is a dialect of Python intended for use as a configuration language. Like Python, it is an untyped dynamic language with high-level data types, first-class functions with lexical scope, and garbage collection. Unlike CPython, independent Starlark threads execute in parallel, so Starlark...