WordPress plugin ID-SK Toolkit Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-39735 · WordPress · Editor Custom Color Palette
Name of the Vulnerable Software and Affected Versions: Editor Custom Color Palette plugin for WordPress versions up to, and including, 3.3.7 Description: The issue arises from insufficient input sanitization and output escaping, allowing authenticated attackers with Author-level access and above ...
The vulnerability of the corporate version of the GitHub Enterprise Server, related to insufficient protection of service data, allows attackers to carry out phishing attacks.
The vulnerability of the corporate version of the GitHub Enterprise Server is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow a malicious actor to carry out phishing attacks using malicious SVG files and URL links...
DRUPAL-CONTRIB-2024-051
This module enables you to animate an SVG graphic by selecting certain rows in a view. The module doesn't sufficiently sanitize the SVG file before embedding it into the HTML. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to upload SVG files...
DRUPAL-CONTRIB-2024-050
This module enables you to embed the content of an SVG file into the body HTML of a node and optionally allows translating text contained within the image. The module doesn't sufficiently sanitize the SVG file before embedding it into the HTML. This vulnerability is mitigated by the fact that an...
PT-2025-2101 · Drupal · Drupal Svg Embed
Name of the Vulnerable Software and Affected Versions: Drupal SVG Embed versions 0.0.0 through 2.1.2 Description: The issue is related to improper neutralization of input during web page generation, which can lead to Cross-Site Scripting (XSS) attacks. This allows a remote attacker to conduct XSS...
Cisco Adaptive Security Appliance Security Vulnerability
The Cisco Adaptive Security Appliance is a network appliance from the American company Cisco, Inc. It is used to protect corporate networks and data centers of all sizes. A security vulnerability exists in the Cisco Adaptive Security Appliance that originates from a logic error when establishing ...
The vulnerability of the veth component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the veth component in the Linux operating system’s kernel is related to incorrect validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2024-21134
...
CVE-2024-49974
In the Linux kernel, the following vulnerability has been resolved: NFSD: Limit the number of concurrent async COPY operations Nothing appears to limit the number of concurrent async COPY operations that clients can start. In addition, AFAICT each async COPY can copy an unlimited number of 4MB...
SUSE-SU-2024:3744-1 Security update for qemu
This update for qemu fixes the following issues: Security fixes: - CVE-2024-8354: Fixed assertion failure in usb_ep_get() (bsc#1230834) - CVE-2024-8612: Fixed information leak in virtio devices (bsc#1230915) Update version to 8.2.7: Security fixes: - CVE-2024-7409: Fixed denial of service via improper...
SUSE CVE-2024-50020
In the Linux kernel, the following vulnerability has been resolved: ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count() This patch addresses an issue with improper reference count handling in the ice_sriov_set_msix_vec_count() function. First, the function calls ice_get_vf_by_id(), which...
PT-2024-33275 · Umbraco · Umbraco
Name of the Vulnerable Software and Affected Versions: Umbraco versions 13.x prior to 13.5.2 Umbraco versions 10.x prior to 10.8.7 Umbraco versions 8.x prior to 8.18.15 Description: There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full screen mode...
DEBIAN-CVE-2024-50042
In the Linux kernel, the following vulnerability has been resolved: ice: Fix increasing MSI-X on VF Increasing MSI-X value on a VF leads to invalid memory operations. This is caused by not reallocating some arrays. Reproducer: modprobe ice echo 0 > /sys/bus/pci/devices/$PF_PCI/sriov_drivers_autoprobe...
UBUNTU-CVE-2024-50020
In the Linux kernel, the following vulnerability has been resolved: ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count() This patch addresses an issue with improper reference count handling in the ice_sriov_set_msix_vec_count() function. First, the function calls ice_get_vf_by_id(), which...
CVE-2024-49974 NFSD: Limit the number of concurrent async COPY operations
In the Linux kernel, the following vulnerability has been resolved: NFSD: Limit the number of concurrent async COPY operations Nothing appears to limit the number of concurrent async COPY operations that clients can start. In addition, AFAICT each async COPY can copy an unlimited number of 4MB...
CVE-2024-49974
CVE-2024-49974 : In the Linux kernel NFSD, there was no limit on concurrent async COPY operations, enabling potential DoS as each async COPY could create many 4MB chunks and run long. A fix introduces a simple per-namespace restriction to bound concurrent background COPY operations. When the limi...