3326 matches found
WordPress Base64 Encoder/Decoder Plugin <= 0.9.2 is vulnerable to Cross Site Scripting (XSS)
Software: Base64 Encoder/Decoder. Type: Plugin. Vulnerable versions: <= 0.9.2. Fixed in: N/A. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2024-3822. Patch priority: Low. CVSS severity: Low 7.1. PSID: 72ed251444bf. Credits: Francisco Spínola...
WordPress Base64 Encoder/Decoder Plugin <= 0.9.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Base64 Encoder/Decoder. Type: Plugin. Vulnerable versions: <= 0.9.2. Fixed in: N/A. OWASP Top 10: A5: Broken Access Control. Classification: Cross Site Request Forgery (CSRF). CVE: CVE-2024-3824. Patch priority: Low. CVSS severity: Low 4.3. PSID: 51b5eb3fcb26. Credits: Bob Matyas...
WordPress Base64 Encoder/Decoder Plugin <= 0.9.2 is vulnerable to Cross Site Scripting (XSS)
Software: Base64 Encoder/Decoder. Type: Plugin. Vulnerable versions: <= 0.9.2. Fixed in: N/A. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2024-3823. Patch priority: Low. CVSS severity: Low 4.3. PSID: 27653189d20e. Credits: Bob Matyas. Required...
The vulnerability of the AVerCaster video encoding device lies in its insufficient attempt-limiting mechanism, which allows attackers to execute a brute-force attack.
The vulnerability of the AVerCaster video encoding device is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability allows a remote attacker to execute an attack using brute-force methods...
The vulnerability of the AVerCaster video encoding device, related to the transmission of authentication information in an open manner, allows an intruder to gain unauthorized access to the protected information.
The vulnerability of the AVerCaster video encoding device lies in the transmission of authentication information in an open manner. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to the protected information...
SUSE CVE-2024-27074
In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007_load_encoder. In go7007_load_encoder, bounce (i.e. go->boot_fw) is allocated without a deallocation thereafter. After the following call chain: saa7134_go7007_init |- go7007_boot_encoder |-...
PT-2024-40753 · Unknown · Checkstyle
Name of the Vulnerable Software and Affected Versions: Checkstyle (affected versions not specified). Description: A security exception occurs in the JavaLanguageParser.expr function, potentially related to encoding issues in the UTF_8.updatePositions and UTF_8$Encoder.encodeArrayLoop functions...
CVE-2024-27074
In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007_load_encoder. In go7007_load_encoder, bounce (i.e. go->boot_fw) is allocated without a deallocation thereafter. After the following call chain: saa7134_go7007_init |- go7007_boot_encoder |-...
CVE-2024-27074
The CVE-2024-27074 entry concerns a Linux kernel memory leak in the media go7007 path. Specifically, in go7007_load_encoder the bounce object (go->boot_fw) is allocated but not deallocated, and is freed later via kfree(go) after the call chain saa7134_go7007_init -> go7007_boot_encoder ->...
CVE-2024-27074 media: go7007: fix a memleak in go7007_load_encoder
In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007_load_encoder. In go7007_load_encoder, bounce (i.e. go->boot_fw) is allocated without a deallocation thereafter. After the following call chain: saa7134_go7007_init |- go7007_boot_encoder |-...
AZL-67478 CVE-2024-26938 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode(). If we have no VBT, or the VBT didn't declare the encoder in question, we won't have the 'devdata' for the encoder. Instead of oopsing just bail early. We...
DEBIAN-CVE-2024-26938
In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode(). If we have no VBT, or the VBT didn't declare the encoder in question, we won't have the 'devdata' for the encoder. Instead of oopsing just bail early. We...
CVE-2024-26938
CVE-2024-26938 is a Linux kernel vulnerability in the drm/i915/bios path. The issue occurs when intel_bios_encoder_supports_dp_dual_mode() encounters a NULL devdata for a DP encoder (e.g., if there is no VBT or the VBT does not declare the encoder). The kernel previously could oops or mis-handle...
CVE-2024-26938 drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()
In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode(). If we have no VBT, or the VBT didn't declare the encoder in question, we won't have the 'devdata' for the encoder. Instead of oopsing just bail early. We...
The vulnerability of the Adobe Media Encoder application, related to the execution of operations beyond buffer boundaries in memory, allows an attacker to execute arbitrary code.
The vulnerability of the Adobe Media Encoder application relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malicious file...
The vulnerability of the JpegEncoder::Encode function in the file format decoders and encoders of the libheif library allows an attacker to cause a service failure.
The vulnerability of the JpegEncoder::Encode function in file format decoders and encoders of the libheif library is related to a memory leak. Exploiting this vulnerability could allow an attacker to cause service interruptions...
Base64 Encoder/Decoder <= 0.9.2 - Settings Reset via CSRF
Description: The plugin does not have a CSRF check in place when resetting its settings, which could allow attackers to make a logged-in admin reset them via a CSRF attack. PoC: Make a logged-in admin open an HTML file containing the following:...
Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF
Description: The plugin does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. Make a logged-in admin open an HTML file containing the following: alert999'...
Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF
Description: The plugin does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. PoC: Make a logged-in admin open an HTML file containing the following:...
Base64 Encoder/Decoder <= 0.9.2 - Settings Reset via CSRF
Description: The plugin does not have a CSRF check in place when resetting its settings, which could allow attackers to make a logged-in admin reset them via a CSRF attack. Make a logged-in admin open an HTML file containing the following:...