6046 matches found
WordPress plugin WP Project Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-50293
Technical details about CVE-2024-50293 (net/smc dangling sk in __smc_create) are not publicly provided in the supplied documents. Monitor for updates from official advisories.
CVE-2024-50293 net/smc: do not leave a dangling sk pointer in __smc_create()
In the Linux kernel, the following vulnerability has been resolved: net/smc: do not leave a dangling sk pointer in smccreate Thanks to commit 4bbd360a5084 "socket: Print pf-create when it does not clear sock-sk on failure.", syzbot found an issue with AFSMC: smccreate must clear sock-sk on failur...
CVE-2024-50286 ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in ksmbdsmb2sessioncreate There is a race condition between ksmbdsmb2sessioncreate and ksmbdexpiresession. This patch add missing sessionstablelock while adding/deleting session from global session...
CVE-2024-50280 dm cache: fix flushing uninitialized delayed_work on cache_ctr error
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix flushing uninitialized delayedwork on cachectr error An unexpected WARNON from flushwork may occur when cache creation fails, caused by destroying the uninitialized delayedwork waker in the error path of cachecreate...
PT-2024-10587 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to a permission bypass due to a write size mismatch in the writeToParcel and createFromParcel methods of DcParamObject.java. This could lead to an elevation of...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from leaving a dangling sk pointer in the smccreate function...
Vulnerability of components of the Linux operating system’s kernel, net/mlx5e, which allows a hacker to cause a service failure
The vulnerability of the net/mlx5e components in the Linux operating system is related to errors in the double release function of arfscreategroups. Exploiting this vulnerability can allow an attacker to cause a service failure...
PT-2024-34876 · Markus +1 · Markus +1
Name of the Vulnerable Software and Affected Versions: MarkUs versions prior to 2.4.8 Description: The issue is related to an arbitrary file write vulnerability in the update/upload/create file methods in Controllers, allowing authenticated instructors to write arbitrary files to any location on...
BIT-POSTGRESQL-2024-10976 PostgreSQL row security below e.g. subqueries disregards user ID changes
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
CVE-2024-50983
FlightPath 7.5 contains a Cross Site Scripting XSS vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or...
CVE-2017-13312
In createFromParcel of MediaCas.java, there is a possible parcel read/write mismatch due to improper input validation. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not...
CVE-2024-50983
FlightPath 7.5 contains a Cross Site Scripting XSS vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or...
The vulnerability of PostgreSQL database management system’s CREATE POLICY command for tables with row-level protection allows attackers to execute arbitrary commands.
The vulnerability of PostgreSQL database management system’s CREATE POLICY commands related to the lack of consistency between independent representations of the overall state. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary commands by repeatedly using...
Calibre-Web 访问控制错误漏洞
Calibre-Web is a web application for browsing, reading, and downloading eBooks from the Calibre database by Jan B, an individual developer. An access control error vulnerability exists in Calibre-Web that stems from the createshelf method in shelf.py not verifying that a user has the required...
PT-2024-10582 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to a read/write serialization problem in the createFromParcel method of ViewPager.java. This could allow for a permissions bypass, enabling local escalation of privileg...
CVE-2024-50983
FlightPath 7.5 contains a Cross Site Scripting XSS vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or...
PT-2024-16598 · WordPress · The Popup Box – Create Countdown
Name of the Vulnerable Software and Affected Versions: The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress versions up to, and including, 4.9.7 Description: The issue is related to a missing capability check on the deactivate plugin option function, which...
AZL-53215 CVE-2024-10976 affecting package postgresql for versions less than 16.5-1
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
CVE-2023-4458
A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on...