The vulnerability of the `yajl_tree_parse` function in the YAJL-ruby JSON library allows an attacker to cause a service failure.
The vulnerability of the `yajl_tree_parse` function in the YAJL-ruby JSON library is related to improper memory release before deleting the last reference. Exploiting this vulnerability could allow a malicious actor to cause service failures...
kernel: drm/i915: Fix a memory leak with reused mmap_offset
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix a memory leak with reused mmap_offset. drm_vma_node_allow and drm_vma_node_revoke should be called in balanced pairs. We call drm_vma_node_allow once per-file every time a user calls mmap_offset, but only call drm_vma_node_revoke...
kernel: netfilter: nft_set_rbtree: fix null deref on element insertion
A flaw was found in the Netfilter subsystem in the Linux kernel. A NULL pointer dereference and a use-after-free issue can be triggered due to an improper check and an improper way of iterating a red-black tree during garbage collector operations, potentially resulting in a denial of service and...
kernel: irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions. of_get_child_by_name returns a node pointer with refcount incremented, we should use of_node_put on it when not needed anymore. When kcalloc fails, it is missing of_node_put and...
kernel: regulator: core: Use different devices for resource allocation and DT lookup
In the Linux kernel, the following vulnerability has been resolved: regulator: core: Use different devices for resource allocation and DT lookup Following by the below discussion, there's the potential UAF issue between regulator and mfd...
kernel: irqchip/wpcm450: Fix memory leak in wpcm450_aic_of_init()
In the Linux kernel, the following vulnerability has been resolved: irqchip/wpcm450: Fix memory leak in wpcm450_aic_of_init(). If of_iomap failed, 'aic' should be freed before return. Otherwise there is a memory leak...
kernel: memory: of: Fix refcount leak bug in of_get_ddr_timings()
In the Linux kernel, the following vulnerability has been resolved: memory: of: Fix refcount leak bug in of_get_ddr_timings(). We should add the of_node_put when breaking out of for_each_child_of_node as it will automatically increase and decrease the refcount...
OESA-2023-1782 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open, aka a race...
CVE-2023-46911
There is a Cross Site Scripting (XSS) vulnerability in the choosestyletree.do interface of Jspxcms v10.2.0 backend...
CVE-2023-46151
Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions...
BIT-2023-44310
Stored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's "Name" text...
WordPress Plugin product-category-tree Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...
CVE-2023-46151 WordPress Product Category Tree Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions...
CVE-2023-46151
CVE-2023-46151 affects the WordPress plugin Product Category Tree (versions
CVE-2023-45054
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions...