4311 matches found
CVE-2024-35798
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race in readextentbufferpages There are reports from tree-checker that detects corrupted nodes, without any obvious pattern so possibly an overwrite in memory. After some debugging it turns out there's a race when...
CVE-2024-35798 btrfs: fix race in read_extent_buffer_pages()
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race in readextentbufferpages There are reports from tree-checker that detects corrupted nodes, without any obvious pattern so possibly an overwrite in memory. After some debugging it turns out there's a race when...
GHSA-CC2J-92JQ-WGJG eZ Publish Information disclosure in backend content tree menu
This security advisory fixes an information disclosure vulnerability in the legacy admin content tree menu. If a view has been disabled in site.ini SiteAccessRules Rules, and an attacker accesses the backend with the URL to this module, then the tree menu may be displayed. Since the tree menu may...
eZ Publish Information disclosure in backend content tree menu
This security advisory fixes an information disclosure vulnerability in the legacy admin content tree menu. If a view has been disabled in site.ini SiteAccessRules Rules, and an attacker accesses the backend with the URL to this module, then the tree menu may be displayed. Since the tree menu may...
SUSE CVE-2024-31444
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automationtreerulesformsave function in automationtreerules.php is not thoroughly checked and is used to concatenate the HTML statement in formconfirm function from...
PT-2024-40240 · Unknown · Ez Publish Legacy
Name of the Vulnerable Software and Affected Versions: ezpublish-legacy affected versions not specified Description: The issue is related to an information disclosure vulnerability in the legacy admin content tree menu. If a view has been disabled in site.ini SiteAccessRules Rules and an attacker...
CVE-2024-34349
Sylius is an open source eCommerce platform. Prior to 1.12.16 and 1.13.1, there is a possibility to execute javascript code in the Admin panel. In order to perform an XSS attack input a script into Name field in which of the resources: Taxons, Products, Product Options or Product Variants. The co...
DEBIAN-CVE-2024-31460
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automationtreerules.php is not thoroughly checked and is used to concatenate the SQL statement in createallheadernodes function from lib/apiautomation.php , finally resulti...
DEBIAN-CVE-2024-31444
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automationtreerulesformsave function in automationtreerules.php is not thoroughly checked and is used to concatenate the HTML statement in formconfirm function from...
UBUNTU-CVE-2024-31460
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automationtreerules.php is not thoroughly checked and is used to concatenate the SQL statement in createallheadernodes function from lib/apiautomation.php , finally resulti...
UBUNTU-CVE-2024-31443
Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in formsave function in dataqueries.php is not thoroughly checked and is used to concatenate the HTML statement in growrightpanetree function from lib/html.php , finally resulting in...
CVE-2024-31460
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automationtreerules.php is not thoroughly checked and is used to concatenate the SQL statement in createallheadernodes function from lib/apiautomation.php , finally resulti...
Cross-Site Scripting (XSS)
sylius/sylius is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient input sanitization within autocomplete fields and the category tree in the Admin panel, which allows an attacker to insert arbitrary JavaScript into Name fields such as the Taxons, Products, Product...
PT-2024-5188 · Cacti +3 · Cacti +3
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.27 Description: Cacti provides an operational monitoring and fault management framework. The issue arises from the automation tree rules form save function in automation tree rules.php, where some data is not...
RHEL 5 : sqlite (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - sqlite: incorrect sqlite3WindowRewrite error handling leads to mishandling certain parser-tree rewriting...
CVE-2024-34349 Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel
Sylius is an open source eCommerce platform. Prior to 1.12.16 and 1.13.1, there is a possibility to execute javascript code in the Admin panel. In order to perform an XSS attack input a script into Name field in which of the resources: Taxons, Products, Product Options or Product Variants. The co...
Cross-site Scripting (XSS)
tribalsystems/zenario is vulnerable to Cross-site Scripting XSS via the Tree Explorer tool. An attacker can inject malicious scripts that can be executed in the context of the user's browser by crafting malicious input...
GHSA-7QWJ-GCJF-828F Zenario's Tree Explorer tool from Organizer affected by Cross-site Scripting
The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is affected by XSS. This component was removed in 9.5.60602...
Zenario's Tree Explorer tool from Organizer affected by Cross-site Scripting
The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is affected by XSS. This component was removed in 9.5.60602...
CVE-2024-34460
The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is affected by XSS. This component was removed in 9.5.60602...