13 matches found
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr. If multiple connection requests attempt to create an implicit mptcp endpoint in parallel, more than one caller may end up in mptcp_pm_nl_append_new_local_addr because...
Apache Artemis: Apache ActiveMQ Artemis: Apache Artemis and Apache ActiveMQ Artemis: Unauthorized address creation due to incorrect authorization during JMS topic subscription.
A flaw was found in Apache Artemis and Apache ActiveMQ Artemis. An authenticated user can exploit this incorrect authorization vulnerability by attempting to create a non-durable Java Message Service JMS topic subscription on an address that does not exist. If the user has "createDurableQueue"...
Apache Artemis: Unauthorized Temporary Address Creation via OpenWire Protocol
Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...
CVE-2026-32642
Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...
CVE-2026-32642
Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...
CVE-2026-32642 Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission
Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...
Apache Artemis security vulnerability
Apache Artemis is a messaging broker software developed by the Apache Foundation. Versions of Apache Artemis such as 2.52.0 and earlier, as well as Apache ActiveMQ Artemis versions like 2.44.0 and earlier, have security vulnerabilities. These vulnerabilities stem from improper authorization, whic...
Bagisto has Normal & Blind SSTI from low-privilege user when ordering product
Summary SSTI when normal customer orders any product in add address step can inject value run in admin view. Details As normal user 1. Go to http://127.0.0.1:8000/ 2. Add order to cart and continue to checkout 3. In step of add address inject this value 77 in any input As admin 1. Go to...
WooCommerce Multiple Customer Addresses & Shipping < 21.7 - Arbitrary Address Creation/Deletion/Access/Update via IDOR
The plugin does not ensure that the address to add/update/retrieve/delete and duplicate belongs to the user making the request, or is from a high privilege user, allowing any authenticated user, such as a subscriber, to add/update/duplicate/delete as well as retrieve addresses of other users. Run t...
Add chainId to address creation.
Lines of code Vulnerability details Impact Although it may not be in the plan to deploy multiple zkSync rollups, it makes sense to include chainid in computeCreate2Address from the very start. It would be more EIP-155 compliant, and will prevent future replay attacks, where a tx of first zkSync...
CVE-2020-14348
It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating...
CVE-2020-14348
AMQ Online prior to 1.5.2 is affected by CVE-2020-14348, where injecting an invalid top-level field into a user’s AddressSpace configuration in the user namespace can lead to an inconsistent state, causing provisioning and address-creation failures and degraded operation of AMQ Online components....
dotnet: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980...