8541 matches found
CVE-2024-4553
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_members' shortcode in all versions up to, and including, 7.1.5 due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This...
CVE-2024-4553
CVE-2024-4553 affects the WordPress plugin WP Shortcodes Plugin — Shortcodes Ultimate. The stored XSS flaw occurs in the su_members shortcode due to insufficient input sanitization and output escaping of the color attribute, exploitable by authenticated users with contributor-level access or high...
CVE-2024-4470
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide_info' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'tag_name' attribute. This...
SUSE CVE-2024-35790
In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group. The DisplayPort driver's sysfs nodes may be present to the userspace before typec_altmode_set_drvdata completes in dp_altmode_probe. This...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a contention between the xattrset|get and listxattr operations...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a vulnerability in the x86/mm/pat module...
CVE-2024-3812
The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectar_icon' shortcode 'icon_linea' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...
PT-2024-27888 · WordPress · Salient Shortcodes
Name of the Vulnerable Software and Affected Versions: Salient Shortcodes plugin for WordPress versions up to, and including, 1.5.3 Description: The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion via the icon shortcode image attribute. This allows authenticated...
CVE-2024-35790
In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group. The DisplayPort driver's sysfs nodes may be present to the userspace before typec_altmode_set_drvdata completes in dp_altmode_probe. This...
DEBIAN-CVE-2024-35790
In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group. The DisplayPort driver's sysfs nodes may be present to the userspace before typec_altmode_set_drvdata completes in dp_altmode_probe. This...
UBUNTU-CVE-2024-35790
In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group. The DisplayPort driver's sysfs nodes may be present to the userspace before typec_altmode_set_drvdata completes in dp_altmode_probe. This...
CVE-2024-35790
CVE-2024-35790 in the Linux kernel: The issue was in the DisplayPort/USB Type-C subsystem where sysfs nodes could be exposed before the driver finished setup, risking NULL pointer dereferences in hpd_show/pin_assignment_show due to dev_get_drvdata() returning NULL. The fix removes manual sysfs n...
CVE-2024-35790 usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group
In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group. The DisplayPort driver's sysfs nodes may be present to the userspace before typec_altmode_set_drvdata completes in dp_altmode_probe. This...
OESA-2024-1605 python-jinja2 security update
Jinja2 is one of the most used template engines for Python. It is inspired by Django's templating system but extends it with an expressive language that gives template authors a more powerful set of tools. On top of that it adds sandboxed execution and optional automatic escaping for applications...
CVE-2024-35176
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many '<' characters in an attribute value. Those who need to parse untrusted XMLs may be impacted by this vulnerability. The REXML gem 3.2.7 or later includes the patch to fix this...
Ruby security vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language from the individual developer Yukihiro Matsumoto. A security vulnerability exists in Ruby REXML versions prior to 3.2.6, which stems from a denial of service vulnerability in the REXML gem when parsing attribute...
REXML contains a denial of service vulnerability
Impact: The REXML gem before 3.2.6 has a DoS vulnerability when it parses an XML that has many '<' characters in an attribute value. If you need to parse untrusted XMLs, you may be impacted by this vulnerability. Patches: The REXML gem 3.2.7 or later includes the patch to fix this vulnerability. Workarounds: Don...