18 matches found
Astra Linux - vulnerability in Firefox
By manipulating the fullscreen feature while opening a data-list, an attacker could overlay a text box over the address bar. This could lead to user confusion and potential spoofing attacks. This vulnerability affects Firefox versions less than 127...
CVE-2026-31481
In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger frees if kthread creation fails Boot-time trigger registration can fail before the trigger-data cleanup kthread exists. Deferring those frees until late init is fine, but the post-boot fallback mus...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992941)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992941 advisory. In the Linux kernel, the following vulnerability has been resolved: hwmon: ibmpex Fix possible UAF when ibmpexregisterbmc fails Smatch report warning as follows:...
Linux Distros Unpatched Vulnerability : CVE-2024-5698
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user...
SUSE CVE-2024-58072
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: remove unused checkbuddypriv Commit 2461c7d60f9f "rtlwifi: Update header file" introduced a global list of private data structures. Later on, commit 26634c4b1868 "rtlwifi Modify existing bits to match vendor versio...
WordPress plugin KiviCare SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
PT-2024-38688 · Anhui Deshun Intelligent Technology · Jielink+ Jsotc2016
Name of the Vulnerable Software and Affected Versions: Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805 Description: A vulnerability has been found in the software, classified as problematic, and affects an unknown functionality of the file...
netty-codec-http: Allocation of Resources Without Limits or Throttling
A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...
SUSE CVE-2024-5698
By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 127...
CVE-2024-5698
By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 127...
UBUNTU-CVE-2024-5698
By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 127...
CVE-2024-5698
CVE-2024-5698 affects Mozilla Firefox prior to version 127, where manipulating the fullscreen feature when opening a data-list could overlay a text box on the address bar, enabling user confusion and potential spoofing. The issue is confirmed across multiple sources (Mozilla advisories and vendor...
CVE-2024-5698
By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 127...
CVE-2023-32212
An attacker could have positioned a datalist element to obscure the address bar. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...
CVE-2022-33718
An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data...
CVE-2022-33718
An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data...
PT-2020-16951 · Maxmind +8 · Libmaxminddb +8
Name of the Vulnerable Software and Affected Versions: libmaxminddb versions prior to 1.4.3 Description: The issue is a heap-based buffer over-read in the dump entry data list function in maxminddb.c. This occurs in libmaxminddb before version 1.4.3. Recommendations: For versions prior to 1.4.3,...
CVE-2018-18608
DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATHINFO to /member/index.php, /member/pm.php, /member/contentlist.php, or...