
2148 matches found

Patchstack
added 2024/06/08 12:0 a.m. · 2 views

Joomla core 3.0.0-3.10.15-elts,4.0.0-4.4.5,5.0.0-5.1.1 - Unauthenticated XSS in Wrapper extensions vulnerability

Unauthenticated XSS in Wrapper extensions vulnerability discovered by ? in WordPress Core Joomla versions 3.0.0-3.10.15-elts,4.0.0-4.4.5,5.0.0-5.1.1...

CVSS 6.1 · AI score 6.4 · EPSS 0.00028
Exploits: 0 · References: 1 · Affected Software: 1

Joomla! Vulnerable Extensions List
added 2024/06/08 12:0 a.m. · 17 views

[20240704] - Core - XSS in Wrapper extensions

The wrapper extensions do not correctly validate inputs, leading to XSS vectors...

CVSS 6.1 · AI score 5.8 · EPSS 0.00028
Exploits: 0 · Affected Software: 1

OSV
added 2024/06/05 1:29 p.m. · 10 views

GHSA-665W-MWRR-77Q3 Arbitrary file read via Playwright's screenshot feature exploiting file wrapper

Impact All users of url-to-png. Please see https://github.com/jasonraimondi/url-to-png/issues/47 Patches v2.0.3 requires input url to be of protocol http or https Workarounds Requires upgrade. References - https://github.com/jasonraimondi/url-to-png/issues/47 -...

CVSS 5.3 · AI score 5.2 · EPSS 0.00352
Exploits: 0 · References: 7

SUSE CVE
added 2024/05/23 3:5 a.m. · 2 views

SUSE CVE-2021-47253

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential memory leak in DMUB hw_init [Why] On resume we perform DMUB hw_init which allocates memory: dm_resume->dm_dmub_hw_init->dc_dmub_srv_create->kzalloc That results in memory leak in suspend/resume scenarios. [How]...

CVSS 3.3 · AI score 6.5 · EPSS 0.00018
Exploits: 0 · References: 5

RedHat Linux
added 2024/05/22 10:9 a.m. · 5 views

traceroute: improper command line parsing

A vulnerability was found in traceroute. This security issue is caused by wrapper scripts that do not properly parse command lines...

CVSS 5.5 · AI score 5.7 · EPSS 0.00038
Exploits: 2 · References: 5

RedHat Linux
added 2024/05/22 10:3 a.m. · 1 views

kernel: ext4: Fix function prototype mismatch for ext4_feat_ktype

In the Linux kernel, the following vulnerability has been resolved: ext4: Fix function prototype mismatch for ext4_feat_ktype With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call...

CVSS 5.5 · AI score 6.9 · EPSS 0.00021
Exploits: 0 · References: 5

OSV
added 2024/05/21 3:15 p.m. · 0 views

DEBIAN-CVE-2021-47253

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential memory leak in DMUB hw_init [Why] On resume we perform DMUB hw_init which allocates memory: dm_resume->dm_dmub_hw_init->dc_dmub_srv_create->kzalloc That results in memory leak in suspend/resume scenarios. [How]...

CVSS 5.5 · AI score 5.3 · EPSS 0.00018
Exploits: 0 · References: 1

OSV
added 2024/05/21 3:15 p.m. · 0 views

UBUNTU-CVE-2021-47253

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential memory leak in DMUB hw_init [Why] On resume we perform DMUB hw_init which allocates memory: dm_resume->dm_dmub_hw_init->dc_dmub_srv_create->kzalloc That results in memory leak in suspend/resume scenarios. [How]...

CVSS 5.5 · AI score 5.8 · EPSS 0.00018
Exploits: 0 · References: 6

UbuntuCve
added 2024/05/21 3:15 p.m. · 17 views

CVE-2021-47253

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential memory leak in DMUB hw_init [Why] On resume we perform DMUB hw_init which allocates memory: dm_resume->dm_dmub_hw_init->dc_dmub_srv_create->kzalloc That results in memory leak in suspend/resume scenarios. [How]...

CVSS 5.5 · AI score 5.9 · EPSS 0.00018
Exploits: 0 · References: 5

SUSE CVE
added 2024/05/21 2:0 a.m. · 1 views

SUSE CVE-2024-34997

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper.read_array. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...

CVSS 7.5 · AI score 7.4 · EPSS 0.00378
Exploits: 1 · References: 3

RedhatCVE
added 2024/05/18 12:9 a.m. · 16 views

CVE-2024-35802

A flaw was found in the Linux kernel. Incorrect position-dependent variable references in the startup code may lead to a crash...

CVSS 5.5 · AI score 6.3
Exploits: 0 · References: 4

Positive Technologies
added 2024/05/17 12:0 a.m. · 2 views

PT-2024-26286

Name of the Vulnerable Software and Affected Versions: joblib version 1.4.2 Description: A deserialization issue was found in the joblib.numpy_pickle::NumpyArrayWrapper.read_array component. This issue is disputed by the supplier, who claims that NumpyArrayWrapper is only used during caching of...

CVSS 7.5 · AI score 6.3 · EPSS 0.00378
Exploits: 1 · References: 17

Github Security Blog
added 2024/05/15 9:31 p.m. · 13 views

Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads

The eZ Platform and Legacy are affected by an issue related to how uploaded PHP and PHAR files are handled, and consists of two parts: 1. Web server configuration, and 2. Disabling the PHAR stream wrapper. 1. WEB SERVER CONFIGURATION The sample web server configuration in our documentation can in...

AI score 7.5
Exploits: 0 · References: 6 · Affected Software: 1

OSV
added 2024/05/15 9:31 p.m. · 9 views

GHSA-PQJM-XCP8-WGMM Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads

The eZ Platform and Legacy are affected by an issue related to how uploaded PHP and PHAR files are handled, and consists of two parts: 1. Web server configuration, and 2. Disabling the PHAR stream wrapper. 1. WEB SERVER CONFIGURATION The sample web server configuration in our documentation can in...

AI score 7.5
Exploits: 0 · References: 6

Positive Technologies
added 2024/05/08 12:0 a.m. · 3 views

PT-2024-40768 · Oracle · Java.Base

Name of the Vulnerable Software and Affected Versions: com.github.javaparser affected versions not specified Description: The issue is related to a security exception. Technical details about the crash include the insertComments function in com.github.javaparser.CommentsInserter, as well as the...

AI score 6.9
Exploits: 0 · References: 2

OSV
added 2024/05/02 5:15 p.m. · 2 views

CVE-2024-1572

The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_ulike' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on the user supplied 'wrapper_class' attribute. This makes it possible for...

CVSS 5.4 · AI score 6 · EPSS 0.00227
Exploits: 0 · References: 3

CNNVD
added 2024/05/02 12:0 a.m. · 4 views

WordPress plugin WP ULike security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.4 · AI score 6.1 · EPSS 0.00227
Exploits: 0 · References: 4

UbuntuCve
added 2024/05/01 6:15 a.m. · 24 views

CVE-2024-26953

In the Linux kernel, the following vulnerability has been resolved: net: esp: fix bad handling of pages from page_pool When the skb is reorganized during esp_output (!esp->inline), the pages coming from the original skb fragments are supposed to be released back to the system through put_page. But if t...

CVSS 5.5 · AI score 6.2 · EPSS 0.00009
Exploits: 0 · References: 11

RedHat Linux
added 2024/04/30 9:51 a.m. · 3 views

traceroute: improper command line parsing

A vulnerability was found in traceroute. This security issue is caused by wrapper scripts that do not properly parse command lines...

CVSS 5.5 · AI score 5.7 · EPSS 0.00038
Exploits: 2 · References: 5

Positive Technologies
added 2024/04/12 12:0 a.m. · 2 views

PT-2024-23469 · WordPress · Wpvivid Backup & Migration Plugin

Name of the Vulnerable Software and Affected Versions: WPvivid Backup & Migration Plugin for WordPress versions up to, and including, 0.9.99 Description: The issue arises from insufficient path validation on the tree_node[node][id] parameter, allowing authenticated attackers with admin-level access a...

CVSS 7.2 · AI score 6.8 · EPSS 0.20504
Exploits: 0 · References: 5