8518 matches found
CVE-2024-50246
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add rough attr allocsize check...
CVE-2024-50243 fs/ntfs3: Fix general protection fault in run_is_mapped_full
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix general protection fault in run_is_mapped_full. Fixed deleting of a non-resident attribute in ntfs_create_inode rollback...
ext4: avoid OOB when system.data xattr changes underneath the filesystem
...
AZL-53564 CVE-2024-50198 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: iio: light: veml6030: fix IIO device retrieval from embedded device. The dev pointer that is received as an argument in the in_illuminance_period_available_show function references the device embedded in the IIO device, not in the i2c...
AZL-53679 CVE-2024-50198 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: iio: light: veml6030: fix IIO device retrieval from embedded device. The dev pointer that is received as an argument in the in_illuminance_period_available_show function references the device embedded in the IIO device, not in the i2c...
CVE-2024-50198 iio: light: veml6030: fix IIO device retrieval from embedded device
In the Linux kernel, the following vulnerability has been resolved: iio: light: veml6030: fix IIO device retrieval from embedded device. The dev pointer that is received as an argument in the in_illuminance_period_available_show function references the device embedded in the IIO device, not in the i2c...
EulerOS 2.0 SP9 : kernel (EulerOS-SA-2024-2832)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: media: dvbdev: Fix memory leak in dvb_media_device_free (CVE-2020-36777); Drivers: hv: vmbus: Use after free in __vmbus_open (CVE-2021-47049); KVM: PPC: Fix...
IBM Concert Trust Management Issues Vulnerability (CNVD-2024-49175)
IBM Concert is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. A trust management issue vulnerability exists in IBM Concert versions 1.0.0 and 1.0.1 that stems from vulnerability to attacks that rely on the use of...
The vulnerability of the Nested iFrame Handler component in the Firefox web browser arises from an incorrect SameSite attribute in the cookie file. This allows attackers to access sensitive data, compromise its integrity, and cause service failures.
The vulnerability of the Nested iFrame Handler component in the Firefox web browser is related to an incorrect SameSite attribute in the cookie file. Exploiting this vulnerability can allow a remote attacker to access sensitive data, compromise its integrity, and cause service interruptions...
Protection Mechanism Failure
Overview: twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Protection Mechanism Failure in a sandbox: an attacker can access attributes of Array-like objects due to improper validation by the security policy. Note: This change...
CVE-2024-8323
The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fontFamily’ attribute in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
PT-2024-38938 · WordPress · Easy Pricing Tables
Name of the Vulnerable Software and Affected Versions: Easy Pricing Tables plugin for WordPress versions up to, and including, 3.2.6 Description: The issue is related to Stored Cross-Site Scripting via the fontFamily attribute due to insufficient input sanitization and output escaping. This allow...
WordPress plugin Easy Pricing Tables Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
IBM Concert Cross-Site Request Forgery Vulnerability
IBM Concert is an enterprise collaboration platform from IBM. IBM Concert suffers from a cross-site request forgery vulnerability due to a failure to set the SameSite attribute for cookies. An attacker could exploit this vulnerability to conduct a cross-site request forgery (CSRF)...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization of the bem Twig function. Note: This is only exploitable when the function is used outside of Drupal. If the Drupal Attribute class exists, the function uses it and it does escape...
CVE-2024-6480 SIP Reviews Shortcode for WooCommerce <= 1.2.3 - Authenticated (Contributor+) Cross-Site Scripting
The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'no_of_reviews' attribute in the woocommerce_reviews shortcode in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping on user supplied...
kernel: ext4: do not create EA inode under buffer lock
A vulnerability was found in the Linux kernel's ext4 filesystem, where the system could create EA inodes while holding a buffer lock. This approach can lead to deadlocks, especially if the filesystem is corrupted...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2024-2602)
The remote host is missing an update for the Huawei EulerOS...