WordPress plugin cross-site request forgery vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. Countdown and CountUp WooCommerce Sales Timer...
CVE-2021-20317
A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while runnin...
UBUNTU-CVE-2021-20317
A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while runnin...
Design/Logic Flaw
A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while runnin...
Linux kernel has unspecified vulnerabilities (CNVD-2022-06509)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to a corrupted timer tree resulting in a missing task wakeup in the timerqueue_add function in lib/timerqueue.c. The vulnerability can be exploited to cause a denial of...
Linux kernel security vulnerability
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to a corrupted timer tree resulting in a missing task wakeup in the timerqueue_add function in lib/timerqueue.c. The vulnerability can be exploited to cause a denial of...
ruspiro-boot (>=0.3.0 <=0.3.2), ruspiro-console (>=0.0.2 <=0.3.2) +6 more potentially affected by CVE-2020-36435 via ruspiro-singleton (>=0.0.2 <=0.3.1)
ruspiro-singleton CARGO version =0.0.2, =0.3.0, =0.0.2, =0.0.2, =0.3.0, =0.1.0, =0.0.2, =0.4.0, =0.0.2, =0.3.1 Source cves: CVE-2020-36435 Source advisory: OSV:GHSA-FQQ2-XP7M-XVM8...
Monopolization of the bidding platform
Handle animixar Vulnerability details Impact This is potentially a low-to-medium risk vulnerability as this will lead to the platform being monopolized by a handful of people; preventing any adoption and growth. Proof of Concept A very few super-users with a lot of funds at their disposal can mak...
SUSE-SU-2021:2788-1 Security update for go1.16
This update for go1.16 fixes the following issues: Update to go1.16.7: - go47473 net/http: panic due to racy read of persistConn after handler panic CVE-2021-36221 bsc1189162 - go47348 cmd/go: 'go list -f '.Stale'' stack overflow with cyclic imports - go47332 time: Timer reset broken under heavy...
GSD-2021-1001478 watchdog: Fix possible use-after-free by calling del_timer_sync()
watchdog: Fix possible use-after-free by calling del_timer_sync() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.276 by commit...
UVI-2021-1001165 netrom: Decrease sock refcount when sock timers expire
netrom: Decrease sock refcount when sock timers expire This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.13.6 by commit...
Cross site scripting
The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.8 does not sanitise or escape its 'Modify default Redirect Delay timer' setting, allowing high privilege users to use JavaScript code in it, even when the unfiltered_html capability is disallowed, leading to an...
Cross-Site Request Forgery (CSRF) in babybuddy/babybuddy
✍️ Description You don't check the CSRF token in the following endpoint: /timers/1/restart/. With PoC.html an attacker is able to reset the timer with id equal to 1. 🕵️♂️ Proof of Concept // PoC.html history.pushState'', '', '/' 💥 Impact This vulnerability is capable of resetting any timer...
ACRN use-after-free vulnerability (CNVD-2021-49149)
ACRN is an open source project released by the Linux Foundation, which is a hypervisor designed for IoT and embedded devices. A use-after-free vulnerability exists in the polling timer handler in ACRN related to devicemodel/hw/pci/virtio/.c. The vulnerability is not known. No detailed...
CVE-2021-36144
The polling timer handler in ACRN before 2.5 has a use-after-free for a freed virtio device, related to devicemodel/hw/pci/virtio/.c...
Design/Logic Flaw
The polling timer handler in ACRN before 2.5 has a use-after-free for a freed virtio device, related to devicemodel/hw/pci/virtio/.c...