
14 matches found

CNNVD
added 2026/03/24 12:0 a.m. | 3 views

Vikunja Security Vulnerability

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from defects in the password reset logic, which could allow disabled users to re-activate their accounts and bypass...

CVSS 8.1 | AI score 6.4 | EPSS 0.00016
Exploits: 1 | References: 4

OSV
added 2024/07/10 3:10 p.m. | 13 views

GHSA-QCJ6-VXWX-4RQV Decidim vulnerable to data disclosure through the embed feature

Impact: If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embedded such as a Participatory Process, an Assembly, a Proposal, a Result, etc, then some data of this resource could be accessed. Patches: version 0.27.6...

CVSS 6.9 | AI score 5.1 | EPSS 0.00333
Exploits: 0 | References: 7

wpexploit
added 2024/06/05 12:0 a.m. | 133 views

Easy Table of Contents < 2.0.66 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. You should create a new post with two more headings. Go to the settings of the plugin and...

AI score 5.9 | EPSS 0.00118
Exploits: 2 | References: 1

NVD
added 2024/05/29 6:18 a.m. | 10 views

CVE-2024-3921

The Gianism WordPress plugin through 5.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 | AI score 7.8 | EPSS 0.0017
Exploits: 2 | References: 1

RedhatCVE
added 2024/04/17 5:54 p.m. | 28 views

CVE-2024-26906

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault. When trying to use copy_from_kernel_nofault to read vsyscall page through a bpf program, the following oops was reported: BUG: unable to handle page fault for address:...

CVSS 5.5 | AI score 6.7 | EPSS 0.00006
Exploits: 0 | References: 4

Citrix
added 2023/11/27 12:0 a.m. | 6 views

Creating Azure catalog resources failed Resource 'citrix-xd-XXXXXX' was disallowed by policy.

Unable to create new machine catalogs when selecting the option - "Create a resource group to provision machines" within the catalog creation wizard and we observe the error - "Creating Azure catalog resources failed Resource 'citrix-xd-XXXXXX' was disallowed by policy. Reasons: 'Resource group i...

AI score 7.2
Exploits: 0

WPVulnDB
added 2023/10/02 12:0 a.m. | 14 views

Back To The Top Button <= 2.1.5 - Admin+ Stored XSS

Description: The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 5.9 | AI score 4.9 | EPSS 0.00063
Exploits: 0

Code423n4
added 2023/07/31 12:0 a.m. | 17 views

BORROWERS CAN AVOID LIQUIDATIONS, IF ERC777 TOKEN IS CONFIGURED AS AN emissionToken

Lines of code Vulnerability details Impact If a borrower is undercollateralized then he can be liquidated by a liquidator by calling the MErc20.liquidateBorrow function. liquidateBorrow function calls the MToken.liquidateBorrowFresh in its execution process. Inside the liquidateBorrowFresh functi...

AI score 6.9
Exploits: 0

Cvelist
added 2023/06/29 7:44 p.m. | 33 views

CVE-2023-36471 HTML sanitizer allows form elements in restricted in org.xwiki.commons:xwiki-commons-xml

Xwiki commons is the common modules used by other XWiki top level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for phishi...

CVSS 9 | AI score 9.4 | EPSS 0.00918
Exploits: 1 | References: 3

Code423n4
added 2023/06/13 12:0 a.m. | 10 views

malicious policyholder can forbid setRoleHolder/revokeExpiredRole/revokePolicy calls

Lines of code Vulnerability details Impact All policyholders can't trigger functions related to setRoleHolder, such as setRoleHolder/revokeExpiredRole/revokePolicy. So malicious hackers can achieve DoS or use expired roles for a long unexpected time. Proof of Concept In...

AI score 6.8
Exploits: 0

CloudLinux
added 2022/07/18 7:7 p.m. | 187 views

Fixed 7 CVEs in vim

- CVE-2022-2206: adjust cmdline_row and msg_row to the value of Rows
- CVE-2022-2284: stop visual mode when closing a window
- CVE-2022-2285: put a NUL after the typeahead
- CVE-2022-2286: check the length of the string
- CVE-2022-2287: disallow adding a word with control characters or a trailing...

CVSS 8 | AI score 4.8 | EPSS 0.00194
Exploits: 7 | References: 1

Oracle linux
added 2022/03/10 12:0 a.m. | 93 views

Unbreakable Enterprise kernel-container security update

5.4.17-2136.304.4.5
- lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) Orabug: 33942329, CVE-2022-0847
- bpf: Disallow unprivileged bpf by default (Pawan Gupta) Orabug: 33942374...

CVSS 7.8 | AI score 4.8 | EPSS 0.81981
Exploits: 99

Veracode
added 2019/05/02 5:24 a.m. | 6 views

Out-Of-Bounds Read

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java...

CVSS 9.1 | AI score 6.8 | EPSS 0.13549
Exploits: 1 | References: 24 | Affected Software: 2

RedHat Linux
added 2016/02/02 1:39 p.m. | 48 views

Critical: Red Hat Security Advisory: java-1.8.0-ibm security update

Updated java-1.8.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

CVSS 10 | AI score 6.5 | EPSS 0.09896
Exploits: 0 | References: 11