Lucene search
1447 matches found

RedHat Linux
added 2022/11/15 11:55 a.m., 0 views

kernel: tipc: move bc link creation back to tipc_node_create

In the Linux kernel, the following vulnerability has been resolved: tipc: move bc link creation back to tipc_node_create. Shuang Li reported a NULL pointer dereference crash: BUG: kernel NULL pointer dereference, address: 0000000000000068 RIP: 0010:tipc_link_is_up+0x5/0x10 [tipc] Call Trace:...

CVSS: 5.5, AI score: 6, EPSS: 0.00133
Exploits: 0, References: 5

Positive Technologies
added 2022/11/07 12:0 a.m., 1 views

PT-2022-37354 · Unknown +2 · Democritus-Domains +2

Name of the Vulnerable Software and Affected Versions: d8s-htm version 0.1.0 democritus-domains affected versions not specified Description: A potential code-execution backdoor was inserted by a third party into the d8s-urls for python distributed on PyPI. The democritus-domains package also...

CVSS: 9.8, AI score: 7.5
Exploits: 0, References: 4

CNNVD
added 2022/10/21 12:0 a.m., 0 views

Hospital Management System cross-site scripting vulnerability

Hospital Management System (HMS) is a computer system that helps manage health care-related information and helps health care providers do their jobs efficiently. Hospital Management System v4.0 contains a cross-site scripting vulnerability that originates in the view-patient.php and...

CVSS: 5.4, AI score: 6.5, EPSS: 0.00224
Exploits: 1, References: 2

OSV
added 2022/10/18 9:15 p.m., 1 views

CVE-2022-39420

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: Data, Functional Security. Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00191
Exploits: 0, References: 1

Prion
added 2022/10/18 9:15 p.m., 12 views

Design/Logic Flaw

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: Data, Functional Security. Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVSS: 5.5, AI score: 5.1, EPSS: 0.00191
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2022/10/18 12:0 a.m., 1 views

Oracle PeopleSoft Enterprise PeopleTools cross-site scripting vulnerability

Oracle PeopleSoft Enterprise PeopleTools is Oracle's technology for delivering PeopleSoft applications that are synchronized with users' needs and expectations. A cross-site scripting vulnerability exists in Oracle PeopleSoft Enterprise PeopleTools. An attacker could exploit the vulnerability to...

CVSS: 6.1, AI score: 5.6, EPSS: 0.0145
Exploits: 0, References: 2

OSV
added 2022/10/09 10:46 p.m., 9 views

GSD-2022-1006545 smb3: fix temporary data corruption in insert range

smb3: fix temporary data corruption in insert range This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.12 by commit...

AI score: 7.4
Exploits: 0

Krebs on Security
added 2022/09/14 9:46 p.m., 23 views

Say Hello to Crazy Thin ‘Deep Insert’ ATM Skimmers

A number of financial institutions in and around New York City are dealing with a rash of super-thin "deep insert" skimming devices designed to fit inside the mouth of an ATM's card acceptance slot. The card skimmers are paired with tiny pinhole cameras that are cleverly disguised as part of the...

AI score: 6.8
Exploits: 0

OSV
added 2022/08/29 3:15 p.m., 1 views

DEBIAN-CVE-2022-1184

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00037
Exploits: 0, References: 1

OSV
added 2022/08/29 3:15 p.m., 0 views

UBUNTU-CVE-2022-1184

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service...

CVSS: 5.5, AI score: 6.6, EPSS: 0.00037
Exploits: 0, References: 11

Positive Technologies
added 2022/08/23 12:0 a.m., 4 views

PT-2024-11770

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue concerns temporary data corruption in the insert range of the smb3 module. The insert range does not discard the affected cached region, which can risk temporarily corrupting...

CVSS: 5.2, AI score: 7, EPSS: 0.0001
Exploits: 0

RedHat Linux
added 2022/08/09 12:23 p.m., 4 views

mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT

MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00114
Exploits: 1, References: 4

ATTACKERKB
added 2022/08/04 12:0 a.m., 4 views

CVE-2022-22411

IBM Spectrum Scale Data Access Services DAS 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. IBM X-Force ID: 223016...

CVSS: 6.5, AI score: 6.7, EPSS: 0.0015
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2022/07/30 8:15 p.m., 3 views

CVE-2022-33994

The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to...

CVSS: 3, AI score: 5.9, EPSS: 0.00289
Exploits: 1, References: 3

NVD
added 2022/07/30 8:15 p.m., 6 views

CVE-2022-33994

The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to...

CVSS: 3, EPSS: 0.00289
Exploits: 1, References: 2

CVE
added 2022/07/30 7:27 p.m., 58 views

CVE-2022-33994

CVE-2022-33994 affects the WordPress Gutenberg plugin up to version 13.7.3. The vulnerability is a stored XSS via the SVG document when using the Insert from URL feature, exploitable by a Contributor, with the XSS payload not executing in the WordPress domain context. The description notes that s...

CVSS: 3, AI score: 3.9, EPSS: 0.00289
Exploits: 1, References: 2, Affected Software: 1

Positive Technologies
added 2022/07/30 12:0 a.m., 1 views

PT-2022-21956 · WordPress · Gutenberg

Name of the Vulnerable Software and Affected Versions: Gutenberg plugin versions through 13.7.3 for WordPress Description: The issue allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. The XSS payload does not execute in the context of the WordPress...

CVSS: 3, AI score: 3.7, EPSS: 0.00289
Exploits: 1, References: 5

CNNVD
added 2022/07/30 12:0 a.m., 1 views

WordPress plugin Gutenberg cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS: 3, AI score: 4.7, EPSS: 0.00289
Exploits: 1, References: 4

OSV
added 2022/07/29 4:15 p.m., 0 views

CVE-2022-27873

An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain...

CVSS: 7.8, AI score: 5.9
Exploits: 0, References: 1

NVD
added 2022/07/29 4:15 p.m., 14 views

CVE-2022-27873

An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain...

CVSS: 7.8, EPSS: 0.0005
Exploits: 0, References: 1