The vulnerability of the Linux operating system’s kernel component, which allows a hacker to trigger a service failure

The vulnerability of the Linux operating system’s kernel component is related to errors in resource management within the implement function. Exploiting this vulnerability can allow an attacker to cause a service failure...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

openSUSE: Security Advisory for the Linux Kernel (Live Patch 29 for SLE 15 SP4) (SUSE-SU-2024:4268-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-H63V-HW6G-X8HP Bit flip attack vulnerability in cookie-encrypter

due to a weakness in the encryption method used in cookie-encrypter an attack can use the world visible IV to edit encrypted cookies without decrypting the cookie itself. This is known as an AES CBC bit flipping attack...

Bit flip attack vulnerability in cookie-encrypter

due to a weakness in the encryption method used in cookie-encrypter an attack can use the world visible IV to edit encrypted cookies without decrypting the cookie itself. This is known as an AES CBC bit flipping attack...

openSUSE: Security Advisory for the Linux Kernel (Live Patch 8 for SLE 15 SP5) (SUSE-SU-2024:4227-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for the Linux Kernel (Live Patch 23 for SLE 15 SP4) (SUSE-SU-2024:4234-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-54138 XSS Vulnerability in NuGetGallery's Markdown Autolinks Processing

NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...

CVE-2024-54138 XSS Vulnerability in NuGetGallery's Markdown Autolinks Processing

NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...

Jenkins CLI Subsystem Service Detection (TCP)

TCP based detection of services supporting the Jenkins CLI subsystem. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-GJGR-7834-RHXR Synapse's unauthenticated writes to the media repository allow planting of problematic content

Impact Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticate...

Synapse's unauthenticated writes to the media repository allow planting of problematic content

Impact Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticate...

CVE-2024-37303

Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...

WordPress SG Helper plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin SG Helper versions = 1.0...

PT-2024-20703 · Ibm · Ibm Cognos Controller

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 11.0.0 through 11.0.1 Description: The issue allows malicious file upload by permitting unrestricted filetype attachments in the Journal entry page. Attackers can exploit this weakness to upload malicious...

InfoDom Performa 安全漏洞

InfoDom Performa is a digital platform for change management from InfoDom. A security vulnerability exists in InfoDom Performa version 365 4.0.1, which stems from an authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint that allows an attacker to execute arbitrar...

Cross-site Scripting (XSS)

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the configuration of HTML5 sanitization and overridden sanitizer's allowed tags. An attacker can inject malicious content by exploiting the allowe...

PT-2024-36055

Name of the Vulnerable Software and Affected Versions: Backdrop CMS versions prior to 1.28.4 Backdrop CMS versions 1.29.x prior to 1.29.2 Description: The issue allows for Cross Site Scripting XSS via an SVG document, if the SVG tag is allowed for a text format. This occurs in Backdrop CMS when a...

Backdrop CMS 安全漏洞

Backdrop CMS is a content management system CMS from Backdrop CMS open source. A security vulnerability exists in Backdrop CMS version 1.28.X prior to 1.28.4 and version 1.29.X prior to 1.29.2, which stems from a text formatting that allows the use of SVG markup, which makes it vulnerable to...

kernel: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline

In the Linux kernel, the following vulnerability has been resolved: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline The absence of IRQDMOVEPCNTXT prevents immediate effectiveness of interrupt affinity reconfiguration via procfs. Instead, the change is deferred until the next...