3999 matches found
CVE-2022-48793
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: nSVM: fix potential NULL dereference on nested migration. Turns out that due to review feedback and/or rebases I accidentally moved the call to nested_svm_load_cr3 to be too early, before the NPT is enabled, which is very...
CVE-2022-48793
CVE-2022-48793 affects the Linux kernel KVM/x86 nested migration path. The root cause is a NULL dereference caused by calling nested_svm_load_cr3 before Nested Page Tables (NPT) are enabled, preventing guest memory access and breaking mmu walk initialization. Red Hat and vendor advisories (RHSA-2...
CVE-2022-48793 KVM: x86: nSVM: fix potential NULL dereference on nested migration
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: nSVM: fix potential NULL dereference on nested migration. Turns out that due to review feedback and/or rebases I accidentally moved the call to nested_svm_load_cr3 to be too early, before the NPT is enabled, which is very...
SUSE CVE-2024-6611
A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox 128 and Thunderbird 128...
RHEL 5 : python (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python: Nested zip file Zip bomb vulnerability in Lib/zipfile.py CVE-2019-9674 Note that Nessus has not tested for...
UBUNTU-CVE-2024-6611
A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox 128 and Thunderbird 128...
CVE-2024-6611
A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox 128 and Thunderbird 128...
CVE-2024-6611 Incorrect handling of SameSite cookies
A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox 128 and Thunderbird 128...
CVE-2024-5943
The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.7. This is due to missing or incorrect nonce validation on the 'settingsPage' function and missing sanitization of the 'tab' parameter. This makes it possible for...
CVE-2024-5943
CVE-2024-5943 — The Nested Pages WordPress plugin is vulnerable to Cross-Site Request Forgery in all versions up to 3.2.7. The issue arises from missing or incorrect nonce validation in the settingsPage function and missing sanitization of the tab parameter. This allows unauthenticated attackers ...
WordPress Nested Pages plugin <= 3.2.7 - Cross-Site Request Forgery to Local File Inclusion vulnerability
Cross-Site Request Forgery to Local File Inclusion vulnerability discovered by Bassem Essam in WordPress Plugin Nested Pages versions <= 3.2.7...
PT-2024-37258 · WordPress · Nested Pages
Name of the Vulnerable Software and Affected Versions: Nested Pages plugin for WordPress versions up to, and including, 3.2.7 Description: The issue is due to missing or incorrect nonce validation on the settingsPage function and missing sanitization of the tab parameter. This makes it possible f...
WordPress plugin Nested Pages security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Nested Pages Plugin <= 3.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Nested Pages; Type: Plugin; Vulnerable versions: <= 3.2.7; Fixed in: 3.2.8; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-5943; Patch priority: Low; CVSS severity: Low 8.3; PSID: ec525e948d0f; Credits: Bassem Essam; Required...
AZL-43474 CVE-2024-37298 affecting package podman 4.1.1-26
gorilla/schema converts structs to and from form values. Prior to version 1.4.1, running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of...
AZL-43146 CVE-2024-37298 affecting package telegraf for versions less than 1.29.4-7
gorilla/schema converts structs to and from form values. Prior to version 1.4.1, running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of...
Astra Linux – Vulnerability in Firefox
A nested iframe, which triggers cross-site navigation, may send cookies with the SameSite=Strict or Lax attribute. This vulnerability affects Firefox 128 and Thunderbird 128...
Malicious code in accepts-nested_serialized_attributes (RubyGems)