CVE-2024-47499 Junos OS and Junos OS Evolved: In a BMP scenario receipt of a malformed AS PATH attribute can cause an RPD crash

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon RPD of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service DoS. In a scenario where BGP Monitoring Protocol BMP is...

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

CVE-2024-39516

An Out-of-Bounds Read vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service DoS. Continued...

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

CentOS 7 : thunderbird (RHSA-2022:9079)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:9079 advisory. - If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER...

PT-2024-39393 · WordPress · The Curator.Io

Name of the Vulnerable Software and Affected Versions: The Curator.io: Show all your social media posts in a beautiful feed. plugin for WordPress versions up to, and including, 1.9 Description: The issue is related to Stored Cross-Site Scripting via the feed id attribute due to insufficient input...

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

Security update for Mesa

This update for Mesa fixes the following issues: CVE-2023-45913: Fixed NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId bsc1222040 CVE-2023-45919: Fixed buffer over-read in glXQueryServerString bsc1222041 CVE-2023-45922: Fixed segmentation violation in glXGetDrawableAttribute...

CLSA-2024-1728297353 kernel: Fix of 5 CVEs

drm/amd/pm: fix the Out-of-bounds read warning CVE-2024-46731 - hwmon: w83627ehf Fix underflows seen when writing limit attributes CVE-2024-46756 - hwmon: lm95234 Fix underflows seen when writing limit attributes CVE-2024-46758 - hwmon: nct6775-core Fix underflows seen when writing limit...

CVE-2024-47561

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute. Mitigation 1. Avoid parsin...

cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes

A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server,...

cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes

A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server,...

WordPress Ibtana plugin <= 1.2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via align Attribute vulnerability discovered by Francesco Carlucci in WordPress Plugin Ibtana versions = 1.2.4.4...

PT-2024-38912 · WordPress · Ibtana

Name of the Vulnerable Software and Affected Versions: Ibtana – WordPress Website Builder plugin for WordPress versions up to, and including, 1.2.4.4 Description: The issue is related to Stored Cross-Site Scripting via the align attribute within the 'wp:ive/ive-productscarousel' Gutenberg block d...

cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes

A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server,...

389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in logentryattr...

CVE-2024-47604

CVE-2024-47604 describes an XSS vulnerability in NuGetGallery’s handling of HTML element attributes. The issue could allow an attacker to execute arbitrary HTML or JavaScript in a victim’s browser. Affected product is NuGet Gallery (NuGet.org backend/frontend). The underlying root cause is improp...