3856 matches found
CVE-2021-47374
In the Linux kernel, the following vulnerability has been resolved: dma-debug: prevent an error message from causing runtime problems For some drivers, that use the DMA API. This error message can be reached several millions of times per second, causing spam to the kernel's printk buffer and...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an error message causing a runtime issue to exist...
CVE-2024-25533
Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website /WorkFlow/OfficeFileUpdate.aspx. This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements...
MediaWiki Security Vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki that stems from an error message that is not escaped...
GHSA-969F-V7JV-PGJ3 ThinkPHP Cross-Site Scripting Vulnerability
ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl...
CVE-2024-34467
ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl...
CVE-2024-26999
In the Linux kernel, the following vulnerability has been resolved: serial/pmac_zilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but it turns out that you get a crash anyway if you're using pmac_zilog as ...
CVE-2024-26999 serial/pmac_zilog: Remove flawed mitigation for rx irq flood
In the Linux kernel, the following vulnerability has been resolved: serial/pmac_zilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but it turns out that you get a crash anyway if you're using pmac_zilog as ...
CVE-2022-48648
In the Linux kernel, the following vulnerability has been resolved: sfc: fix null pointer dereference in efx_hard_start_xmit Trying to get the channel from the tx_queue variable here is wrong because we can only be here if tx_queue is NULL, so we shouldn't dereference it. As the above comment in the...
shim: Out-of-bounds read printing error messages
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a cras...
Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect Vulnerabilities
Concrete CMS version 9.2.7 suffers from information disclosure, open redirection, and persistent cross site scripting vulnerabilities. Exploit Title: Multiple Web Flaws in concretecmsv9.2.7 Exploit Author: Andrey Stoykov Version: 9.2.7 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com...
A vulnerability in the Phonos extension for the MediaWiki hypertext environment allows an attacker to perform cross-site scripting attacks.
The vulnerability of the Phonos extension for implementing the MediaWiki hypertext environment exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks via the...
Information Exposure Through an Error Message
Overview: Affected versions of this package are vulnerable to Information Exposure Through an Error Message due to improper handling of sensitive information. An attacker can gain access to sensitive information by exploiting this vulnerability. Remediation: Upgrade Azure.Identity to version 1.11.0...
CVE-2023-6877
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output escaping on...
CVE-2024-26797 drm/amd/display: Prevent potential buffer overflow in map_hw_resources
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Prevent potential buffer overflow in map_hw_resources Adds a check in the map_hw_resources function to prevent a potential buffer overflow. The function was accessing arrays using an index that could potentially be...
CVE-2024-26797
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Prevent potential buffer overflow in map_hw_resources Adds a check in the map_hw_resources function to prevent a potential buffer overflow. The function was accessing arrays using an index that could potentially be...
SUSE-SU-2024:1106-1 Security update for util-linux
This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) - Prevent error message if /var/lib/libuuid/clock.txt does not exist (bsc#1194642) - Fixed performance degradation (bsc#1207987)...