8527 matches found
PT-2024-38890
Name of the Vulnerable Software and Affected Versions: Clean Login plugin for WordPress versions up to, and including, 1.14.5 Description: The Clean Login plugin for WordPress is vulnerable to Local File Inclusion via the template attribute of the clean-login-register shortcode. This allows...
jinja2: accepts keys containing non-attribute characters
A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...
PT-2024-37216 · Hubspot · Hubspot
Name of the Vulnerable Software and Affected Versions: HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress versions up to, and including, 11.1.22 Description: The issue is related to Stored Cross-Site Scripting via the url attribute of the HubSpot Meeting Widget due ...
Sensitive Cookie In HTTPS Session Without "Secure" Attribute
taipy is vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute. The vulnerability is due to the improper setting of security flags on session cookies. An attacker can intercept or tamper with the cookie over insecure connections by exploiting the lack of Secure and HttpOnly...
kernel: scsi: qedi: Fix crash while reading debugfs attribute
In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedi_dbg_do_not_recover_cmd_read function invokes sprintf directly on a user pointer, which results in a crash. To fix this issue, use a small local stack buffer for sprintf...
kernel: NFSv4: Fix memory leak in nfs4_set_security_label
A vulnerability was found in nfs4_set_security_label in the Linux kernel, where the function fails to free the nfs_fattr attribute before exiting, leaving said memory allocation present. As nfs4_set_security_label is called repeatedly over time, this may lead to memory exhaustion...
ROS-20240828-08
Vulnerability of the ANGLE library in Mozilla Firefox, Firefox ESR and the Thunderbird email client is related to the use of an uninitialized resource. Exploitation of the vulnerability could allow an attacker to disclose protected information. Vulnerability in...
Incorrect Input Validation
libfrr.so is vulnerable to Incorrect Input Validation. The vulnerability is caused by an issue in the function bgp_attr_encap within bgpd/bgp_attr.c, which does not check the actual remaining stream length before taking the TLV value...
SUSE CVE-2023-52893
In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 ("efi: pstore: Omit efivars caching EFI varstore access layer") added a new...
REXML security vulnerability
REXML is an open source XML toolkit for Ruby. A security vulnerability exists in REXML versions prior to 3.3.6, which stems from a denial of service (DoS) vulnerability when parsing deep XML containing many attributes with the same local name...
CVE-2023-52906
A flaw was found in the Linux kernel. The 'TCA_MPLS_LABEL' attribute is of the 'NLA_U32' type, but has a validation type of 'NLA_VALIDATE_FUNCTION'. This is an invalid combination according to 'struct nla_policy', which can trigger the nla_get_range_unsigned warning when validation of the attribute fails...
GO-2022-1192 usememos/memos missing Secure cookie attribute in github.com/usememos/memos
usememos/memos missing Secure cookie attribute in github.com/usememos/memos...
CVE-2023-52906
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fix warning during failed attribute validation The 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has a validation type of 'NLA_VALIDATE_FUNCTION'. This is an invalid combination according to the comment abov...
DEBIAN-CVE-2023-52906
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fix warning during failed attribute validation The 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has a validation type of 'NLA_VALIDATE_FUNCTION'. This is an invalid combination according to the comment abov...
DEBIAN-CVE-2023-52893
In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 ("efi: pstore: Omit efivars caching EFI varstore access layer") added a new...
DEBIAN-CVE-2022-48882
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY) Upon updating MAC security entity (SecY) in hw offload path, the macsec security association (SA) initialization routine is called. In case of...
UBUNTU-CVE-2023-52906
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fix warning during failed attribute validation The 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has a validation type of 'NLA_VALIDATE_FUNCTION'. This is an invalid combination according to the comment abov...
UBUNTU-CVE-2022-48882
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY) Upon updating MAC security entity (SecY) in hw offload path, the macsec security association (SA) initialization routine is called. In case of...
CVE-2023-52906 net/sched: act_mpls: Fix warning during failed attribute validation
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fix warning during failed attribute validation The 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has a validation type of 'NLA_VALIDATE_FUNCTION'. This is an invalid combination according to the comment abov...
CVE-2023-52906
CVE-2023-52906 affects the Linux kernel’s net/sched code (act_mpls). The TCA_MPLS_LABEL attribute is NLA_U32 but uses NLA_POLICY_VALIDATE_FN, causing nla_get_range_unsigned() warnings due to negative min/max values. The fix changes the attribute type to NLA_BINARY and relocates length validation ...