openSUSE: Security Advisory for chromium (openSUSE-SU-2022:10086-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for chromium (openSUSE-SU-2023:0092-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-52499

In the Linux kernel, the following vulnerability has been resolved: powerpc/47x: Fix 47x syscall return crash Eddie reported that newer kernels were crashing during boot on his 476 FSP2 system: kernel tried to execute user page b7ee2000 - exploit attempt? uid: 0 BUG: Unable to handle kernel...

CVE-2023-52499

In the Linux kernel, the following vulnerability has been resolved: powerpc/47x: Fix 47x syscall return crash Eddie reported that newer kernels were crashing during boot on his 476 FSP2 system: kernel tried to execute user page b7ee2000 - exploit attempt? uid: 0 BUG: Unable to handle kernel...

CVE-2023-52499 powerpc/47x: Fix 47x syscall return crash

In the Linux kernel, the following vulnerability has been resolved: powerpc/47x: Fix 47x syscall return crash Eddie reported that newer kernels were crashing during boot on his 476 FSP2 system: kernel tried to execute user page b7ee2000 - exploit attempt? uid: 0 BUG: Unable to handle kernel...

golang: cmd/go: Protocol Fallback when fetching modules

A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure "git://" if trying to fetch a .git module that has no "https://" or "git+ssh://" available...

Denial Of Service (DOS)

NodeJS is vulnerable to Denial Of Service DOS. The vulnerability is caused due the fact that the fetch function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed int...

SUSE CVE-2024-1554

The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch response controlled by the addition...

Simple Ajax Chat < 20240223 - Unauthenticated Stored XSS

Description The plugin does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users. await fetch"http://vulnerable-site.tld/wp-content/plugins/simple-ajax-chat/simple-ajax-chat-core.php?sacSendChat=yes", "credentials": "include",...

Updated nodejs yarnpkg packages fix security vulnerabilities

This is a security release. The following CVEs are fixed in this release: CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- High CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- High CVE-2023-46809 -...

GHSA-FMG4-X8PW-HJHG Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials

The CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard "" while also having the Access-Control-Allow-Credentials set to true...

Cache Poisoning

firefox is vulnerable to Cache Poisoning. The vulnerability is due to incorrect sharing of cache between the fetch API and navigation, as the cache key does not include optional headers that fetch may contain. It allows an attacker could potentially poison the local browser cache by priming it wi...

CVE-2024-0593

The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetchquickjob function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can b...

Authorization

The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetchquickjob function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can b...

CVE-2024-1554

The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch response controlled by the addition...

CVE-2024-1554

The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch response controlled by the addition...

UBUNTU-CVE-2024-1554

The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch response controlled by the addition...

Design/Logic Flaw

The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch response controlled by the addition...

CVE-2024-1554

The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch response controlled by the addition...

CVE-2024-1554

The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch response controlled by the addition...