WordPress plugin Endless Scroll 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: x86: stopped the use of stack-based calculations in the profilepc function. The profilepc function is used for timer-based profiling, which isn’t really that relevant anymore. It also makes assumptions about the stack layout that...

UBUNTU-CVE-2024-53061

In the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflows The current logic allows word to be less than 2. If this happens, there will be buffer overflows, as reported by smatch. Add extra checks to prevent it. While here, remove an unused word ...

CVE-2024-50156 drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Avoid NULL dereference in msmdispstateprintregs If the allocation in msmdispstatedumpregs failed then block-state can be NULL. The msmdispstateprintregs function does have code to try to handle it with: if reg dumpaddr =...

UBUNTU-CVE-2022-48886

In the Linux kernel, the following vulnerability has been resolved: ice: Add check for kzalloc Add the check for the return value of kzalloc in order to avoid NULL pointer dereference. Moreover, use the goto-label to share the clean code...

SUSE-SU-2024:1158-1 Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container

This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: - rebui...

MiniPool.Count state is not fully cleaned up

Lines of code Vulnerability details Impact MiniCount state is not fully cleaned up Proof of Concept According to the PR that aims to address M-19 code-423n4/2022-12-gogopool-findings235 We removed minipool count entirely, in favor of the new AVAXValidating variable that tracks the amount of AVAX...

OESA-2022-1684 maven-shared-utils security update

This package can be the functional replacement of plexus-utils in Maven. At the same time, the package has many hightlights, such as: a lot of methods got cleaned up, generics got added and a lot of unused code dropped. Security Fixes: In Apache Maven maven-shared-utils prior to version 3.3.3, th...

Linux kernel denial of service vulnerability (CNVD-2022-79428)

Linux kernel is the kernel used by the Linux Foundation's open-source operating system Linux.KVM is one of the kernel-based virtual machines. A denial of service vulnerability exists in Linux kernel, which stems from a lack of code cleanup when the deviceadd call fails when adding a partition to...

CVE-2021-4150

A use-after-free flaw was found in the addpartition in block/partitions/core.c in the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue results from the lack of code cleanup when deviceadd call fails when adding a partition to the disk...

CVE-2021-4150

A use-after-free flaw was found in the addpartition in block/partitions/core.c in the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue results from the lack of code cleanup when deviceadd call fails when adding a partition to the disk...

Design/Logic Flaw

A use-after-free flaw was found in the addpartition in block/partitions/core.c in the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue results from the lack of code cleanup when deviceadd call fails when adding a partition to the disk...

CVE-2021-4150

A use-after-free flaw was found in the addpartition in block/partitions/core.c in the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue results from the lack of code cleanup when deviceadd call fails when adding a partition to the disk...

CVE-2021-4150

A use-after-free flaw was found in the addpartition in block/partitions/core.c in the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue results from the lack of code cleanup when deviceadd call fails when adding a partition to the disk...

PT-2022-1778

Name of the Vulnerable Software and Affected Versions Bitrix Site Manager versions prior to 21.0.100 Bitrix Site Manager versions 22.0.0 through 22.0.400 Bitrix Site Manager module Landing versions prior to 23.800.0 Description The 'vote' also known as "Polls, Votes" module in Bitrix Site Manager...

CVE-2021-45480

A memory leak flaw was found in the Reliable Datagram Socket RDS in TCP in the Linux kernel. A local attacker, with user privileges, could cause a denial of service on the system. The issue results from the code cleanup in rdsconncreate in net/rds/connection.c. Mitigation Mitigation for this issu...

CVE-2021-4150

A use-after-free flaw was found in the addpartition in block/partitions/core.c in the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue results from the lack of code cleanup when deviceadd call fails when adding a partition to the disk...

CVE-2021-28703

grant table v2 status pages may remain accessible after de-allocation take two Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated whe...

openSUSE Security Update : cobbler (openSUSE-2021-46)

This update for cobbler fixes the following issues : - Add cobbler-tests subpackage for unit testing for openSUSE/SLE - Adds LoadModule definitions for openSUSE/SLE - Switch to new refactored auth module. - use systemctl to restart cobblerd on logfile rotation boo1169207 Mainline logrotate conf...

Security update for cobbler (moderate)

openSUSE Security Update: Security update for cobbler Announcement ID: openSUSE-SU-2021:0058-1 Rating: moderate References: 1020376 1029276 1048183 1074594 1075014 1081714 1081739 1090205 1097733 1101670 1104189 1104190 1104287 1105440 1105442 1113747 1128754 1128926 1130658 1134588 1149075 11518...