SUSE CVE-2025-71304

In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...

EUVD-2025-209968

In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...

CVE-2025-71304

In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...

CVE-2025-58144

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where the case actually needs handling. A NULL...

Incorrect User Management

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect User Management in oidc/OrganizationMembershipMapper.java, which relies on matching the domain of a...

PT-2024-36978 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.13.0-rc1-00028-g4b50c3c3b998-dirty Description: A NULL pointer dereference issue has been resolved in the Linux kernel's iommu/vt-d component. The issue occurs when trying to map pages to a nested parent domai...

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

...

WordPress Domain Mapping System – Manage Unlimited Domains on your Site Plugin < 1.9.3 is vulnerable to Cross Site Scripting (XSS)

Software Domain Mapping System – Manage Unlimited Domains on your Site Type Plugin Vulnerable versions 1.9.3 Fixed in 1.9.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...

WordPress Domain Mapping System – Manage Unlimited Domains on your Site plugin <= 1.6.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Domain Mapping System – Manage Unlimited Domains on your Site plugin versions = 1.6.7. Solution Update the WordPress Domain Mapping System – Manage Unlimited Domains on your Site plugin to the latest...

WordPress Domain Mapping System – Manage Unlimited Domains on your Site plugin <= 1.6.7 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Domain Mapping System – Manage Unlimited Domains on your Site plugin versions = 1.6.7. Solution Update the WordPress Domain Mapping System – Manage Unlimited Domains on your Site plugin to the latest available version at least...

Design/Logic Flaw

long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entries, including ones...

CVE-2021-28698

long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entries, including ones...

CVE-2020-5340

RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript...

Cross site scripting

RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript...

WordPress: code.wordpress.net subdomain Takeover

Hy Wordpress sec i found as it is posible to takeover this domain http://code.wordpress.net when you navigate it you will get this error msg: Warning! Domain mapping upgrade for this domain not found. Please log in and go to the Domains Upgrades page of your blog to use this domain. $ host...

Security: Wrong security context loaded when using SAML2 STS Login Module

It was found that when processing undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if it was available. A user with valid credentials in the defined default domain, with a role that is valid in the...

WP Super Cache 1.3 - trunk/plugins/domain-mapping.php URI XSS

The WP Super Cache WordPress plugin was affected by a trunk/plugins/domain-mapping.php URI XSS security vulnerability...