8524 matches found
WordPress plugin Easy Pricing Tables Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
IBM Concert Cross-Site Request Forgery Vulnerability
IBM Concert is an enterprise collaboration platform from IBM. IBM Concert suffers from a cross-site request forgery vulnerability due to a failure to set the SameSite attribute for cookies. An attacker could exploit this vulnerability to conduct a cross-site request forgery (CSRF)...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization of the bem Twig function. Note: This is only exploitable when the function is used outside of Drupal. If the Drupal Attribute class exists, the function uses it and it does escape...
CVE-2024-6480 SIP Reviews Shortcode for WooCommerce <= 1.2.3 - Authenticated (Contributor+) Cross-Site Scripting
The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'noofreviews' attribute in the woocommercereviews shortcode in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping on user supplied...
kernel: ext4: do not create EA inode under buffer lock
A vulnerability was found in the Linux kernel's ext4 filesystem, where the system could create EA inodes while holding a buffer lock. This approach can lead to deadlocks, especially if the filesystem is corrupted...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2024-2602)
The remote host is missing an update for the Huawei EulerOS...
apache-avro: Schema parsing may trigger Remote Code Execution (RCE)
A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...
CVE-2024-43177
IBM Concert 1.0.0 and 1.0.1 are vulnerable to attacks that rely on the use of cookies without the SameSite attribute...
CVE-2024-43173
IBM Concert 1.0.0 and 1.0.1 are vulnerable to attacks that rely on the use of cookies without the SameSite attribute...
CVE-2024-43177 IBM Concert improper certificate validation
IBM Concert 1.0.0 and 1.0.1 are vulnerable to attacks that rely on the use of cookies without the SameSite attribute...
CVE-2024-43177
CVE-2024-43177 affects IBM Concert Software versions 1.0.0–1.0.1, with the root cause described as cookies being used without the SameSite attribute. Public sources note the vulnerability could enable attacks related to cookie handling, and the NVD metrics show a critical impact (base score 9.8 i...
CVE-2024-43173
IBM Concert software versions 1.0.0–1.0.1 are vulnerable to attacks that rely on cookies without the SameSite attribute. The evidence from multiple sources (IBM’s Security Bulletin and CVE entries) describes a SameSite cookie issue that could enable cross-site request forgery-like abuse. Affected...
CVE-2024-43173 IBM Concert information disclosure
IBM Concert 1.0.0 and 1.0.1 are vulnerable to attacks that rely on the use of cookies without the SameSite attribute...
PT-2024-30359 · Ibm · Ibm Concert
Name of the Vulnerable Software and Affected Versions: IBM Concert versions 1.0.0 through 1.0.1 Description: The issue is related to the use of cookies without the SameSite attribute, which can lead to attacks. Recommendations: For versions 1.0.0 and 1.0.1, consider configuring cookies to include...
IBM Concert Security Vulnerability
IBM Concert is an enterprise collaboration platform from IBM. IBM Concert suffers from a cross-site request forgery vulnerability due to a failure to set the SameSite attribute for cookies. An attacker could exploit this vulnerability to conduct a cross-site request forgery (CSRF)...
AZL-51482 CVE-2024-50039 affecting package kernel for versions less than 6.6.57.1-1
In the Linux kernel, the following vulnerability has been resolved: net/sched: accept TCA_STAB only for root qdisc. Most qdiscs maintain their backlog using qdisc_pkt_len(skb) on the assumption it is invariant between the enqueue and dequeue handlers. Unfortunately syzbot can crash a host rather easily...