CVE-2021-4149

A vulnerability was found in btrfsalloctreeb in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service DOS due to a deadlock problem...

PT-2022-17319 · Tcpprep +2 · Tcpprep +2

Name of the Vulnerable Software and Affected Versions: tcpprep version 4.4.1 Description: The issue is related to a reachable assertion in the packet2tree function at tree.c in tcpprep. This assertion is assertl2len 0, indicating a potential problem when the l2len variable is not greater than 0...

CVE-2021-45868

In the Linux kernel before 5.15.3, fs/quota/quotatree.c does not validate the block number in the quota tree on disk. This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file...

DEBIAN-CVE-2021-45868

In the Linux kernel before 5.15.3, fs/quota/quotatree.c does not validate the block number in the quota tree on disk. This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file...

CVE-2021-45868

In the Linux kernel before 5.15.3, fs/quota/quotatree.c does not validate the block number in the quota tree on disk. This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file...

UBUNTU-CVE-2021-45868

In the Linux kernel before 5.15.3, fs/quota/quotatree.c does not validate the block number in the quota tree on disk. This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file...

CVE-2021-45868

In the Linux kernel before 5.15.3, fs/quota/quotatree.c does not validate the block number in the quota tree on disk. This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file...

CVE-2021-45888

An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role...

CVE-2021-45888

An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role...

Design/Logic Flaw

An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role...

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

RLSA-2022:0819 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: improper initialization of the "flags" member of the new pipebuffer CVE-2022-0847 kernel: Use After Free in unixgc which could...

Google Android 缓冲区错误漏洞

A buffer overflow vulnerability exists in Google Android, a Linux-based open source operating system from Google, Inc. The vulnerability originates in TuningProviderBase::GetTuningTreeSet in tuningproviderbase.cc, and may result in out-of-bounds reads due to a lack of boundary checking. An attack...

CVE-2022-23051

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...

CVE-2022-23051

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...

Code injection

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...

CVE-2022-23051

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...

WordPress F4 Post Tree plugin <= 1.1.8 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress F4 Post Tree plugin versions = 1.1.8. Solution Update the WordPress F4 Post Tree plugin to the latest available version at least 1.1.9...

WordPress F4 Post Tree plugin <= 1.1.8 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress F4 Post Tree plugin versions = 1.1.8. Solution Update the WordPress F4 Post Tree plugin to the latest available version at least 1.1.9...

WordPress Genealogical Tree – WordPress Family Tree plugin <= 2.1.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Genealogical Tree – WordPress Family Tree plugin versions = 2.1.4. Solution Update the WordPress Genealogical Tree – WordPress Family Tree plugin to the latest available version at least 2.1.5...