23 matches found
WordPress Extensions for Leaflet Map plugin <= 4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'elevation-track' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'elevation-track' Shortcode vulnerability discovered by zaim in WordPress Plugin Extensions for Leaflet Map versions = 4.14...
CVE-2026-5451
CVE-2026-5451 affects the WordPress plugin Extensions for Leaflet Map . The vulnerability is a stored XSS via the elevation-track shortcode in all versions up to and including 4.14, caused by insufficient input sanitization and output escaping on user-supplied attributes. An attacker with Contrib...
CVE-2026-5451 Extensions for Leaflet Map <= 4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'elevation-track' Shortcode
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.14 security, enhancement & bug fix update
Red Hat OpenShift Data Foundation 4.14 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.14 security, enhancement & bug fix update...
RHSA-2025:16461 Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update
Bulletin has no description...
Amazon Linux 2 : microvm-kernel (ALASMICROVM-KERNEL-4.14-2023-003)
The version of microvm-kernel installed on the remote host is prior to 4.14.246-200.474. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2MICROVM-KERNEL-4.14-2023-003 advisory. A flaw was found in the Linux kernel's implementation of wireless drivers using the...
Atlassian Jira Service Desk < 4.13.9 Template Injection Code Execution
According to its self-reported version number, the Atlassian Jira Service Management application running on the remote host is version 4.14.x prior to 4.18.0. It is, therefore, affected by a flaw which may allow remote attackers with Jira Administrator access to execute arbitrary Java code or...
Atlassian Jira Service Management 4.14.0 < 4.18.0 Template Injection Code Execution
According to its self-reported version number, the Atlassian Jira Service Management application running on the remote host is version 4.14.x prior to 4.18.0. It is, therefore, affected by a flaw which may allow remote attackers with Jira Administrator access to execute arbitrary Java code or...
Atlassian Jira Service Management 4.21.x < 4.22.2 Internal Network Leakage Service-Side Request Forgery
According to its self-reported version number, the Atlassian Jira Service Desk application running on the remote host is version 4.14.x prior to 4.2.8 or 4.21.x prior to 4.22.2. It is, therefore, affected by a flaw which may allow authenticated remote attackers to access the content of internal...
Atlassian Jira Service Management 4.14.x < 4.20.8 Internal Network Leakage Service-Side Request Forgery
According to its self-reported version number, the Atlassian Jira Service Desk application running on the remote host is version 4.14.x prior to 4.2.8 or 4.21.x prior to 4.22.2. It is, therefore, affected by a flaw which may allow authenticated remote attackers to access the content of internal...
GSD-2022-1008288 ftrace: Fix null pointer dereference in ftrace_add_mod()
ftrace: Fix null pointer dereference in ftraceaddmod This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.300 by commit...
GSD-2022-1007562 mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
mm,hugetlb: take hugetlblock before decrementing h-resvhugepages This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.298 by commit...
GSD-2022-1005165 apparmor: fix reference count leak in aa_pivotroot()
apparmor: fix reference count leak in aapivotroot This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.4 by commit...
CVE-2022-29581
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions...
GSD-2021-1001350 coresight: tmc-etf: Fix global-out-of-bounds in tmc_update_etf_buffer()
coresight: tmc-etf: Fix global-out-of-bounds in tmcupdateetfbuffer This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.133 by commit...
GSD-2021-1000421 i2c: sprd: fix reference leak when pm_runtime_get_sync fails
i2c: sprd: fix reference leak when pmruntimegetsync fails This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.119 by commit...
Xen Code Issues Vulnerabilities
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. A code issue vulnerability exists in Xen...
Xen Path Traversal Vulnerability
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen versi...
Squid <= 4.14 Privilege Escalation Vulnerability
Squid is prone to a privilege escalation vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you c...
DEBIAN-CVE-2019-3882
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhausti...