8549 matches found
PT-2024-26741
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the DisplayPort driver's sysfs nodes being present to the userspace before the completion of typec altmode set drvdata in dp altmode probe. This can trigger a NUL...
RHEL 8 : frr (RHSA-2024:1113)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1113 advisory. FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR,...
CVE-2023-52520
In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix reference leak If a duplicate attribute is found using ksetfindobj, a reference to that attribute is returned which needs to be disposed accordingly using kobjectput. Move the setting name validation...
openSUSE: Security Advisory for squashfs (SUSE-SU-2023:4591-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-52520
In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix reference leak If a duplicate attribute is found using ksetfindobj, a reference to that attribute is returned which needs to be disposed accordingly using kobjectput. Move the setting name validation...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix reference leak If a duplicate attribute is found using ksetfindobj, a reference to that attribute is returned which needs to be disposed accordingly using kobjectput. Move the setting name validation...
CVE-2023-52520 platform/x86: think-lmi: Fix reference leak
In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix reference leak If a duplicate attribute is found using ksetfindobj, a reference to that attribute is returned which needs to be disposed accordingly using kobjectput. Move the setting name validation...
CVE-2023-52520 platform/x86: think-lmi: Fix reference leak
In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix reference leak If a duplicate attribute is found using ksetfindobj, a reference to that attribute is returned which needs to be disposed accordingly using kobjectput. Move the setting name validation...
CVE-2023-52557
In OpenBSD 7.3 before errata 016, npppd8 could crash by a l2tp message which has an AVP Attribute-Value Pair with wrong length...
CVE-2023-52557 OpenBSD 7.3 invalid l2tp message npppd crash
In OpenBSD 7.3 before errata 016, npppd8 could crash by a l2tp message which has an AVP Attribute-Value Pair with wrong length...
CVE-2024-25293
mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution RCE via the href attribute...
CVE-2024-25293
mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution RCE via the href attribute...
CVE-2024-25293
mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution RCE via the href attribute...
MJML App Security Vulnerability
MJML App is an MJML open source MJML desktop application. A security vulnerability exists in mjml-app version 3.0.4 and 3.1.0-beta, which stems from a Remote Code Execution RCE vulnerability in the href attribute...
PT-2024-14627 · Openbsd · Openbsd
Name of the Vulnerable Software and Affected Versions: OpenBSD version 7.3 Description: The issue is related to a crash in npppd8 caused by an L2TP message containing an AVP Attribute-Value Pair with an incorrect length. Recommendations: For OpenBSD version 7.3, apply errata 016 to resolve the...
PT-2024-20866 · Mjml-App · Mjml-App
Name of the Vulnerable Software and Affected Versions: mjml-app versions 3.0.4 through 3.1.0-beta Description: The issue allows for remote code execution RCE via the href attribute. Recommendations: For versions 3.0.4 and 3.1.0-beta, consider restricting access to the href attribute until a patch...
CVE-2024-25293
mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution RCE via the href attribute...
jinja2: HTML attribute injection when passing user input as keys to xmlattr filter
A cross-site scripting XSS flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...
CVE-2024-1070
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the features attribute in all versions up to, and including, 1.58.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...
CVE-2024-1054
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wcjproductbarcode' shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'color'. This makes ...