8234 matches found

CNNVD
added 2024/04/18 12:0 a.m. | 2 views

Electrolink FM/DAB/TV Transmitter security vulnerability

The Electrolink FM/DAB/TV Transmitter is a series of transmitters from Electrolink. A security vulnerability exists in the Electrolink FM/DAB/TV Transmitter that stems from the presence of an elevation of privilege vulnerability, which could lead to an attacker manipulating or tampering with...

CVSS 8.8 | AI score 6.8 | EPSS 0.00549
Exploits 1 | References 2

Positive Technologies
added 2024/04/17 12:0 a.m. | 5 views

PT-2024-21528

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A warning in copy from iter has been reported by Syzkaller due to an iov iter being used in the wrong direction. This occurs when a request with a transfer direction of SG DXFER TO FROM...

CVSS 5.5 | AI score 5.4 | EPSS 0.00225
Exploits 0

NVD
added 2024/04/16 10:15 p.m. | 21 views

CVE-2024-21064

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Analytics Web Answers. Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVSS 5.4 | AI score 5.4 | EPSS 0.00303
Exploits 0 | References 1

VulnCheck KEV
added 2024/04/15 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2023-41892

Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15...

CVSS 10 | AI score 7.2 | EPSS 0.92918
Exploits 10 | References 1

OSV
added 2024/04/12 3:15 p.m. | 3 views

CVE-2024-21610

An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS). In a scaled CoS scenario with 1000s of interfaces, when...

CVSS 4.3 | AI score 5.8 | EPSS 0.00478
Exploits 0 | References 2

OSV
added 2024/04/12 11:7 a.m. | 4 views

OESA-2024-1424 flatpak security update

flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. Security Fixes: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions...

CVSS 10 | AI score 6.8 | EPSS 0.00887
Exploits 0 | References 3

Atlassian
added 2024/04/12 12:13 a.m. | 56 views

Improper Authorization org.springframework.security:spring-security-core Dependency in Bitbucket Data Center and Server

This High severity org.springframework.security:spring-security-core Dependency vulnerability was introduced in versions 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0-eap01, 8.15.0, 8.16.0, 8.17.0, 8.18.0, and 8.19.0 of Bitbucket Data...

CVSS 8.2 | AI score 8 | EPSS 0.00776
Exploits 0

OSV
added 2024/04/11 11:15 a.m. | 4 views

CVE-2024-3344

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.4 | AI score 5.9 | EPSS 0.0032
Exploits 0 | References 2

Positive Technologies
added 2024/04/11 12:0 a.m. | 5 views

PT-2024-25261 · WordPress · The Otter Blocks – Gutenberg Blocks

Name of the Vulnerable Software and Affected Versions: The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress versions up to, and including, 2.6.8 Description: The issue is related to Stored Cross-Site Scripting via SVG file upload due to insufficient...

CVSS 6.4 | AI score 6.2 | EPSS 0.0032
Exploits 0 | References 5

Atlassian
added 2024/04/09 1:49 p.m. | 43 views

DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Jira Software Data Center and Server

This High severity software.amazon.ion:ion-java Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, and 9.14.0 of Jira Software Data Center and Server. This software.amazon.ion:ion-java Dependenc...

CVSS 7.5 | AI score 7.6 | EPSS 0.0082
Exploits 0

Atlassian
added 2024/04/09 1:52 a.m. | 42 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

CVSS 8.8 | AI score 7 | EPSS 0.20929
Exploits 2

Atlassian
added 2024/04/09 1:51 a.m. | 35 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

CVSS 8.1 | AI score 7 | EPSS 0.10911
Exploits 1

Atlassian
added 2024/04/09 1:51 a.m. | 36 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

CVSS 8.8 | AI score 7 | EPSS 0.05018
Exploits 2

Atlassian
added 2024/04/09 1:50 a.m. | 44 views

Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...

CVSS 8.8 | AI score 6.5 | EPSS 0.03538
Exploits 0

Positive Technologies
added 2024/04/09 12:0 a.m. | 7 views

PT-2024-19651 · WordPress · Revslider

Name of the Vulnerable Software and Affected Versions: Revslider plugin for WordPress versions up to, and including, 6.6.20 Description: The issue is related to Stored Cross-Site Scripting via svg upload due to insufficient input sanitization and output escaping. This allows authenticated attacke...

CVSS 6.4 | AI score 5.9 | EPSS 0.00336
Exploits 0 | References 4

CNNVD
added 2024/04/05 12:0 a.m. | 4 views

NVIDIA CUDA toolkit security vulnerability

The NVIDIA CUDA toolkit is a toolkit from NVIDIA, Inc. It provides a development environment for creating high-performance GPU-accelerated applications. A security vulnerability exists in the NVIDIA CUDA toolkit. An attacker could exploit this vulnerability to cause a denial of service...

CVSS 3.3 | AI score 6.3 | EPSS 0.00226
Exploits 0 | References 2

Vulnrichment
added 2024/04/04 6:42 p.m. | 19 views

CVE-2024-30249 Cloudburst Network DoS in RakNet connection handling

Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to 1.0.0.CR1-20240330.101522-15 impacts publicly accessible software depending on the affected versions of Network and allows an attacker to use Network as an amplification vector for...

CVSS 8.6 | AI score 8.4 | EPSS 0.00611
Exploits 0 | References 1

Positive Technologies
added 2024/04/03 12:0 a.m. | 3 views

PT-2024-21998 · Unknown · Huly Platform

Name of the Vulnerable Software and Affected Versions: Huly Platform version 0.6.202 Description: The issue allows attackers to execute arbitrary code via the upload of a crafted SVG file to issues, which is a result of a Cross Site Scripting vulnerability. Recommendations: For Huly Platform...

CVSS 6.1 | AI score 7.7 | EPSS 0.00379
Exploits 0 | References 4

CNNVD
added 2024/04/02 12:0 a.m. | 3 views

Piccolo security vulnerability

Piccolo is a fast, user-friendly ORM and query builder from Piccolo Open Source. A security vulnerability exists in Piccolo Admin prior to version 1.3.2, which stems from the fact that Piccolo's admin panel allows uploading of media files, which can be exploited by an attacker to upload an SVG...

CVSS 7.7 | AI score 7.5 | EPSS 0.00493
Exploits 0 | References 3

Microsoft CVE
added 2024/04/01 7:0 a.m. | 6 views

wall in util-linux through 2.40 often installed with setgid tty permissions allows escape sequences to be sent to other users' terminals through argv. (Specifically escape sequences received from stdin are blocked but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.

...

CVSS 3.3 | AI score 7 | EPSS 0.02242
Exploits 3