4310 matches found
WordPress option-tree plugin cross-site scripting vulnerability (CNVD-2019-31010)
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. option-tree is one of its theme selection building plugins. A cross-site scripting vulnerability exists in the WordPress...
WordPress option-tree plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. option-tree is one of its theme selection building plugins. A cross-site scripting vulnerability exists in WordPress...
CVE-2016-10895
The option-tree plugin before 2.6.0 for WordPress has XSS via an add_list_item or add_social_links AJAX request...
CVE-2015-9320
The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg...
Design/Logic Flaw
The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg...
PT-2019-7279 · WordPress · Option-Tree
Name of the Vulnerable Software and Affected Versions: option-tree plugin versions prior to 2.5.4. Description: The issue is related to a Cross-Site Scripting (XSS) problem in the add_query_arg function. Recommendations: For versions prior to 2.5.4, update to version 2.5.4 or later to resolve the...
QEMU: device_tree: heap buffer overflow while loading device tree blob
A heap buffer overflow issue was found in the load_device_tree function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potential...
CVE-2019-9513
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU...
ALPINE-CVE-2019-9513
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU...
Design/Logic Flaw
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU...
NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0103)
The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities: - A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR...
kernel: fs/ext4/extents.c leads to information disclosure
A flaw was found in the Linux kernel's implementation of ext4 extent management. The kernel doesn't correctly initialize memory regions in the extent tree block which may be exported to a local user to obtain sensitive information by reading empty/uninitialized data from the filesystem...
CVE-2019-1552
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versio...
CVE-2019-1552
CVE-2019-1552 centers on insecure default OPENSSLDIR handling in OpenSSL builds, where Windows targets may resolve to C:\usr\local or similar writable locations, enabling unprivileged users to modify configuration, CA data, or engine modules. Connected docs show concrete impacts: Veritas Backup E...