PT-2022-20224 · Go +9 · Go +9
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.17.12; Go versions prior to 1.18.4. Description: The issue is related to uncontrolled recursion in the Decoder.Decode function in the encoding/gob package. This allows an attacker to cause a panic due to stack exhaustion ...
Framework: Data Binding Rules Vulnerability
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive, which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...
jackson-databind: denial of service via a large depth of nested objects
A flaw was found in the Jackson Databind package. The cause of the issue is a Java StackOverflow exception and a denial of service via a significant depth of nested objects...
GO-2022-0192 Incorrect parsing of nested templates in golang.org/x/net/html
The Parse function can panic on some invalid inputs. For example, the Parse function panics on the input ""...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
golang: regexp: stack exhaustion via a deeply nested expression
A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large...
WordPress Nested Pages plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Nested Pages plugin version prior to 3.1.21 has a cross-site scripting vulnerability that...
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: buffer overflow in IPsec ESP transformation code (CVE-2022-27666); kernel: out-of-bounds read in fbcon_get_font function (CVE-2020-28915). For more details about the security issues, including th...
ALSA-2022:5316 Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: buffer overflow in IPsec ESP transformation code (CVE-2022-27666); kernel: out-of-bounds read in fbcon_get_font function (CVE-2020-28915). For more details about the security issues, including th...
kernel security and bug fix update
An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel packages contain the Linux kernel, the core of any Linux operating...
RLSA-2022:5316 Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: buffer overflow in IPsec ESP transformation code (CVE-2022-27666); kernel: out-of-bounds read in fbcon_get_font function (CVE-2020-28915). For more details about the security issues, including th...
CVE-2022-1990
The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed...
Cross site scripting
The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed...
CVE-2022-1990
CVE-2022-1990 affects the WordPress Nested Pages plugin prior to version 3.1.21. The vulnerability arises because the plugin does not escape and sanitize certain settings, enabling Stored Cross-Site Scripting when unfiltered_html is disallowed. Public sources across Red Hat, NVD, CNVD, OSV, and P...
WordPress plugin Nested Pages cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Nested Pages plugin version prior to 3.1.21 has a cross-site scripting vulnerability that...
PT-2022-14242 · WordPress · Nested Pages
Name of the Vulnerable Software and Affected Versions: Nested Pages WordPress plugin versions prior to 3.1.21. Description: The issue allows high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed, due to the plugin not escaping and sanitizing som...
Reflected Cross-site Scripting in Jenkins Nested View Plugin
Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability. Nested View Plugin 1.26 escapes search parameters...
GHSA-H642-5H74-3X9C Reflected Cross-site Scripting in Jenkins Nested View Plugin
Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability. Nested View Plugin 1.26 escapes search parameters...