CVE-2021-47539
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle. Need to call rxrpc_put_peer for bundle candidate before kfree as it holds a ref to rxrpc_peer. DH: v2: Changed to abstract out the bundle freeing code into a function...
DEBIAN-CVE-2021-47539
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle. Need to call rxrpc_put_peer for bundle candidate before kfree as it holds a ref to rxrpc_peer. DH: v2: Changed to abstract out the bundle freeing code into a function...
UBUNTU-CVE-2021-47539
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle. Need to call rxrpc_put_peer for bundle candidate before kfree as it holds a ref to rxrpc_peer. DH: v2: Changed to abstract out the bundle freeing code into a function...
CVE-2021-47539
CVE-2021-47539 affects the Linux kernel RxRPC code. The issue is a reference-count leak, not a use-after-free: when rxrpc_look_up_bundle() discards a bundle candidate with kfree, it does not drop the reference the candidate holds on its rxrpc_peer, so the peer object is never released. The provided data states the root cause is the leaked rxrpc_peer reference and the remediation is to call rxrpc_put...
Linux kernel security vulnerability
Linux kernel is the kernel of Linux, the open-source operating system maintained by the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, caused by an rxrpc_peer reference leak in rxrpc_look_up_bundle() in the rxrpc module...
CVE-2024-4362 SiteOrigin Widgets Bundle <= 1.60.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible...
CVE-2024-4362
CVE-2024-4362 affects SiteOrigin Widgets Bundle for WordPress. It is a Stored XSS via the plugin’s siteorigin_widget shortcode, in all versions up to and including 1.60.0, caused by insufficient input sanitization and output escaping on user-supplied attributes. The vulnerability can be exploited...
WordPress SiteOrigin Widgets Bundle plugin <= 1.60.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode vulnerability
WordPress SiteOrigin Widgets Bundle plugin <= 1.60.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode vulnerability, discovered by stealthcopter in WordPress Plugin SiteOrigin Widgets Bundle versions <= 1.60.0...
WordPress SiteOrigin Widgets Bundle Plugin <= 1.60.0 is vulnerable to Cross Site Scripting (XSS)
Software: SiteOrigin Widgets Bundle. Type: Plugin. Vulnerable versions: <= 1.60.0. Fixed in: 1.61.0. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross-Site Scripting (XSS). CVE: CVE-2024-4362. Patch priority: Low. CVSS severity: Low (6.5). PSID: 9b62158e461e. Credits: stealthcopte...
CVE-2024-29651
A prototype pollution flaw was found in the API Dev Tools json-schema-ref-parser. This flaw allows a remote attacker to cause a denial of service, cross-site scripting, or arbitrary code execution via the bundle, parse, resolve, and dereference functions. Mitigation: Mitigation for this issue is either not...
scheb/two-factor-bundle bypass two-factor authentication with remember-me option
In versions prior to 3.26.0 and prior to 4.11.0 of the "scheb/two-factor-bundle" project, a security vulnerability allowed attackers to bypass two-factor authentication (2FA) using the remember-me cookie. When the remember-me checkbox was used during login, a "REMEMBERME" cookie was created. Upon...
GHSA-H6MP-MC7G-MG49 scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token
Before version 3.7 the bundle is vulnerable to a security issue in its JWT handling, which can be exploited by an attacker to generate trusted-device cookies on their own, effectively bypassing two-factor authentication...
PT-2024-40226 · Unknown · Scheb/Two-Factor-Bundle
Name of the Vulnerable Software and Affected Versions: scheb/two-factor-bundle versions prior to 3.26.0; scheb/two-factor-bundle versions prior to 4.11.0. Description: A security issue allowed attackers to bypass two-factor authentication (2FA) using the remember-me cookie. When the remember-me...
GHSA-5F97-H2C2-826Q json-schema-ref-parser Prototype Pollution issue
A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle, parse, resolve, dereference functions...
CVE-2024-29651
A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle, parse, resolve, dereference functions...
CVE-2024-29651
CVE-2024-29651 is a Prototype Pollution vulnerability in API Dev Tools json-schema-ref-parser (versions 11.0.0 and 11.1.0). The flaw allows remote code execution or denial of service by manipulating Object.prototype through the bundle(), parse(), resolve(), or dereference() functions. Affected IBM stack ...
Session Hijacking
friendsofsymfony/user-bundle is vulnerable to session hijacking. The vulnerability is due to inadequate session management, which could allow an attacker to take over a user's session...