WordPress option-tree plugin injection vulnerability (CNVD-2019-30767)

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. option-tree is used in one of the theme selection building plugin. WordPress option-tree plugin has an injection vulnerability. No...

CVE-2019-15542

An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization...

Hardcoded credentials

An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization...

CVE-2019-15542

An issue in the ammonia crate for Rust (before 2.1.0) causes uncontrolled recursion during HTML DOM tree serialization in the affected component. The documents provide the vulnerability description but do not specify exploit vectors, practical impact beyond potential recursion, or concrete remedi...

CVE-2019-15542

An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization...

OpenSSL 1.0.2 < 1.0.2t Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.2t. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2t advisory. - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, aft...

CVE-2019-15321

The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled...

CVE-2019-15319

The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce...

CVE-2019-15320

The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled...

CVE-2019-15320

The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled...

CVE-2019-15319

The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce...

CVE-2019-15321

The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled...

Design/Logic Flaw

The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled...

Code injection

The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce...

CVE-2019-15321

CVE-2019-15321 applies to the WordPress plugin “Option Tree” prior to version 2.7.3, where an Object Injection vulnerability arises from mishandled serialized classes. The entry is documented across multiple sources (NVD description: “option-tree plugin before 2.7.3 for WordPress has Object Injec...

CVE-2019-15321

The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled...

CVE-2019-15320

The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled...

CVE-2019-15320

CVE-2019-15320 concerns the WordPress plugin OptionTree prior to version 2.7.3. The vulnerability is an Object Injection flaw caused by mishandling the + character, as documented by multiple sources (NVD, Red Hat, WPVulndb, etc.). Impact is described as affecting confidentiality, integrity, and a...

CVE-2019-15319

The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce...

QEMU: device_tree: heap buffer overflow while loading device tree blob

A heap buffer overflow issue was found in the loaddevicetree function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potential...