firefox: thunderbird: Confusing display of origin for external protocol handler prompt

The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...

DEBIAN-CVE-2024-10460

The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...

SUSE CVE-2024-49958

In the Linux kernel, the following vulnerability has been resolved: ocfs2: reserve space for inline xattr before attaching reflink tree One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -fn outp...

CVE-2024-49958

In the Linux kernel, the following vulnerability has been resolved: ocfs2: reserve space for inline xattr before attaching reflink tree One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -fn outp...

AZL-52290 CVE-2024-49958 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: ocfs2: reserve space for inline xattr before attaching reflink tree One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -fn outp...

DEBIAN-CVE-2024-49958

In the Linux kernel, the following vulnerability has been resolved: ocfs2: reserve space for inline xattr before attaching reflink tree One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -fn outp...

CVE-2024-49958

In the Linux kernel, the following vulnerability has been resolved: ocfs2: reserve space for inline xattr before attaching reflink tree One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -fn outp...

UBUNTU-CVE-2024-49958

In the Linux kernel, the following vulnerability has been resolved: ocfs2: reserve space for inline xattr before attaching reflink tree One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -fn outp...

CVE-2024-49958 ocfs2: reserve space for inline xattr before attaching reflink tree

In the Linux kernel, the following vulnerability has been resolved: ocfs2: reserve space for inline xattr before attaching reflink tree One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -fn outp...

CVE-2024-49958 ocfs2: reserve space for inline xattr before attaching reflink tree

In the Linux kernel, the following vulnerability has been resolved: ocfs2: reserve space for inline xattr before attaching reflink tree One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -fn outp...

CVE-2024-49958

CVE-2024-49958 affects OCFS2 in the Linux kernel, where during reflink-based operations inline xattrs space was reserved without confirming root metadata capacity. The function ocfs2_reflink_xattr_inline() reduced l_count from 243 to 227 while root metadata block already had extents up to 230, ca...

CVE-2024-49958 ocfs2: reserve space for inline xattr before attaching reflink tree

In the Linux kernel, the following vulnerability has been resolved: ocfs2: reserve space for inline xattr before attaching reflink tree One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -fn outp...

AZL-50823 CVE-2024-47701 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem When looking up for an entry in an inlined directory, if evalueoffs is changed underneath the filesystem by some change in the block device, it will lead to...

AZL-50891 CVE-2024-47701 affecting package kernel for versions less than 6.6.56.1-5

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem When looking up for an entry in an inlined directory, if evalueoffs is changed underneath the filesystem by some change in the block device, it will lead to...

UBUNTU-CVE-2024-47701

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem When looking up for an entry in an inlined directory, if evalueoffs is changed underneath the filesystem by some change in the block device, it will lead to...

CVE-2024-47701 ext4: avoid OOB when system.data xattr changes underneath the filesystem

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem When looking up for an entry in an inlined directory, if evalueoffs is changed underneath the filesystem by some change in the block device, it will lead to...

CVE-2024-9064

The Elementor Inline SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

WordPress plugin Elementor Inline SVG 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Elementor Inline SVG plugin <= 1.2.0 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin Elementor Inline SVG versions = 1.2.0...

WordPress Elementor Inline SVG Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Elementor Inline SVG Type Plugin Vulnerable versions = 1.2.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9064 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 46f705204dc3 Credits Francesco Carlucci...