2120 matches found

vulnersOsv
added 2023/05/16 6:30 p.m. · 3 views

io.jenkins.blueocean:blueocean-pipeline-scm-api (>=1.27.4 <=1.27.5.1), io.jenkins.plugins:code-coverage-api (>=4.2.0 <=4.7.0) +12 more potentially affected by CVE-2023-32977 via org.jenkins-ci.plugins.workflow:workflow-job (>=0.1-beta-1 <=1292.v27d8cc3e2602)

org.jenkins-ci.plugins.workflow:workflow-job MAVEN version =0.1-beta-1, =1.27.4, =4.2.0, =1.17.vd2468d9c5e85, =0.1-beta-1, =1.14, =1.16.4 - org.jenkins-ci.plugins:gradle =2.12.0.1 - org.jenkins-ci.plugins:inline-pipeline =1.0.3 Source cves: CVE-2023-32977 Source advisory: OSV:GHSA-2WVV-PHHW-QVMC...

5.4 CVSS · 6 AI score · 0.04273 EPSS
Exploits 0
OSV
added 2023/05/11 8:32 p.m. · 16 views

GHSA-M974-XJ4J-7QV5 Boxo bitswap/server: DOS unbounded persistent memory leak

Impact: An attacker is able to allocate arbitrarily many bytes in the Bitswap server by sending many WANT_BLOCK and/or WANT_HAVE requests which are queued in an unbounded queue, with allocations that persist even if the connection is closed. This affects users accepting untrusted connections with the...

8.2 CVSS · 7.7 AI score · 0.01091 EPSS
Exploits 0 · References 7
Positive Technologies
added 2023/05/10 12:0 a.m. · 3 views

PT-2023-20166 · Boxo · Boxo

Name of the Vulnerable Software and Affected Versions: Boxo versions 0.4.0 through 0.5.0 Description: An attacker can cause a Bitswap server to allocate and leak unbounded amounts of memory by sending many WANT BLOCK and or WANT HAVE requests which are queued in an unbounded queue, with allocatio...

8.2 CVSS · 7.4 AI score · 0.01091 EPSS
Exploits 0 · References 18
RedHat Linux
added 2023/05/09 10:4 a.m. · 1 views

kernel: gfs2: Always check inode size of inline inodes

In the Linux kernel, the following vulnerability has been resolved: gfs2: Always check inode size of inline inodes. Check if the inode size of stuffed (inline) inodes is within the allowed range when reading inodes from disk (gfs2_dinode_in). This prevents us from on-disk corruption. The two checks in...

5.5 CVSS · 6.3 AI score · 0.00011 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/05/09 12:0 a.m. · 12 views

PT-2024-1443 · Openeuler +7 · Openeuler Kernel +7

Name of the Vulnerable Software and Affected Versions: openEuler kernel versions 4.19.90 through 4.19.90-2401.3 openEuler kernel versions 5.10.0-60.18.0 through 5.10.0-183.0.0 Description: The issue is related to an integer overflow in the ext4 write inline data end function of the openEuler kern...

8.8 CVSS · 7.2 AI score · 0.84554 EPSS
Exploits 35 · References 695
OSV
added 2023/05/08 2:31 p.m. · 9 views

SUSE-SU-2023:2127-1 Security update for go1.19

This update for go1.19 fixes the following issues: Update to 1.19.9 bnc1200441: - CVE-2023-24539: fixed an improper sanitization of CSS values bnc1211029. - CVE-2023-24540: fixed an improper handling of JavaScript whitespace bnc1211030. - CVE-2023-29400: fixed an improper handling of empty HTML...

9.8 CVSS · 8.5 AI score · 0.00759 EPSS
Exploits 0 · References 19
NVD
added 2023/04/25 8:15 p.m. · 6 views

CVE-2023-24005

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media Inline Tweet Sharer – Twitter Sharing Plugin plugin <= 2.5.3 versions...

5.9 CVSS · 5.4 AI score · 0.00207 EPSS
Exploits 0 · References 1
OSV
added 2023/04/25 8:15 p.m. · 2 views

CVE-2023-24005

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media Inline Tweet Sharer – Twitter Sharing Plugin plugin <= 2.5.3 versions...

4.8 CVSS · 6.6 AI score · 0.00207 EPSS
Exploits 0 · References 1
Prion
added 2023/04/25 8:15 p.m. · 11 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media Inline Tweet Sharer – Twitter Sharing Plugin plugin <= 2.5.3 versions...

4.3 CVSS · 4.8 AI score · 0.00207 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2023/04/25 7:45 p.m. · 32 views

CVE-2023-24005

Affects WordPress plugin WordPress Inline Tweet Sharer – Twitter Sharing Plugin (Plugin

5.9 CVSS · 4.9 AI score · 0.00207 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/04/25 7:45 p.m. · 8 views

CVE-2023-24005 WordPress Inline Tweet Sharer – Twitter Sharing Plugin Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media Inline Tweet Sharer – Twitter Sharing Plugin plugin <= 2.5.3 versions...

5.9 CVSS · 5.5 AI score · 0.00207 EPSS
Exploits 0 · References 1
CNNVD
added 2023/04/25 12:0 a.m. · 1 views

WordPress plugin Inline Tweet Sharer – Twitter Sharing cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.9 CVSS · 6.5 AI score · 0.00207 EPSS
Exploits 0 · References 3
Openbugbounty
added 2023/04/07 8:37 a.m. · 8 views

inline-alpin.de Cross Site Scripting vulnerability OBB-3252618

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

5.9 AI score
Exploits 0
OSV
added 2023/04/02 9:15 p.m. · 2 views

CVE-2023-28670

Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting XSS vulnerability exploitable by authenticated attackers with Overall/Read permission...

5.4 CVSS · 6 AI score · 0.10131 EPSS
Exploits 0 · References 1
Kitploit
added 2023/03/20 11:30 a.m. · 31 views

NimPlant - A Light-Weight First-Stage C2 Implant Written In Nim

By Cas van Cooten @chvancooten, with special thanks to some awesome folks: Fabian Mosch @S3cur3Th1sSh1t for sharing dynamic invocation implementation in Nim and the Ekko sleep mask function, snovvcrash @snovvcrash for adding the initial version of execute-assembly & self-deleting implant option...

7.2 AI score
Exploits 0 · References 11
The Hacker News
added 2023/02/15 1:46 p.m. · 20 views

Webinar — A MythBusting Special: 9 Myths about File-based Threats

Bad actors love to deliver threats in files. Persistent and persuasive messages convince unsuspecting victims to accept and open files from unknown sources, executing the first step in a cyber attack. This continues to happen whether the file is an EXE or a Microsoft Excel document. Far too often...

0.4 AI score
Exploits 0
SUSE CVE
added 2023/02/15 6:17 a.m. · 1 views

SUSE CVE-2005-3167

Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs HTML inline style attributes that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting XSS attacks...

4.3 CVSS · 6.1 AI score · 0.00462 EPSS
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 6:16 a.m. · 1 views

SUSE CVE-2005-3895

Open Ticket Request System OTRS 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary w...

5.8 CVSS · 6.6 AI score · 0.0127 EPSS
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 6:16 a.m. · 3 views

SUSE CVE-2005-4501

MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting XSS attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer...

4.3 CVSS · 6.3 AI score · 0.00572 EPSS
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 6:16 a.m. · 2 views

SUSE CVE-2005-4807

Stack-based buffer overflow in the asbad function in messages.c in the GNU as gas assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code...

7.5 CVSS · 8.2 AI score · 0.06251 EPSS
Exploits 1 · References 3