CVE-2020-36310

CVE-2020-36310 affects the Linux kernel prior to 5.8, specifically arch/x86/kvm/svm/svm.c, where set_memory_region_test can infinite-loop on certain nested page faults (CID-e72436bc3a52). The connected Nessus/OSS documents confirm this exact issue in Unity Linux kernels and Debian/openSUSE adviso...

CVE-2020-36310

An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a setmemoryregiontest infinite loop for certain nested page faults, aka CID-e72436bc3a52...

CVE-2021-24171

The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuffilename"...

UBUNTU-CVE-2021-29657

arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in...

PT-2021-4275 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.11.12 Description: The issue is related to a use-after-free vulnerability in the arch/x86/kvm/svm/nested.c component of the Linux kernel, specifically affecting AMD KVM guests. This vulnerability can be...

Cross site scripting

Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting XSS using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file read and RCE on Rocket.Chat desktop app...

CVE-2021-21624

An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders...

Authorization

An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders...

PT-2021-14667 · Oracle +1 · Java +1

Name of the Vulnerable Software and Affected Versions: Jenkins Role-based Authorization Strategy Plugin versions 3.1 and earlier Description: The issue arises from an incorrect permission check, allowing attackers with Item/Read permission on nested items to access them even if they lack Item/Rea...

PT-2021-14666 · Oracle +1 · Java +1

Name of the Vulnerable Software and Affected Versions: Jenkins Matrix Authorization Strategy Plugin versions 2.6.5 and earlier Description: The issue arises from an incorrect permission check, allowing attackers with Item/Read permission on nested items to access them even if they lack Item/Read...

Jenkins Matrix Authorization Strategy 安全漏洞

Jenkins Matrix Authorization Strategy is a Jenkins open source application plugin . The plug-in in Jenkins to achieve fine-grained access control . An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permissions to nested...

perl: heap-based buffer overflow in regular expression compiler leads to DoS

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow...

CVE-2021-27889

Cross-site Scripting XSS vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages...

CVE-2021-27889

Cross-site Scripting XSS vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages...

Cross site scripting

Cross-site Scripting XSS vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages...

CVE-2021-27889

Cross-site Scripting XSS vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages...

MyBB 跨站脚本漏洞

MyBB is a free open source forum software. A cross-site scripting vulnerability exists in the parsing of messages in Nested Auto URLs in versions of MyBB prior to 1.8.26. No details of the vulnerability are provided at this time...

PT-2021-17648 · Mybb · Mybb

Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.8.26 Description: The issue is related to a Cross-site Scripting XSS vulnerability. It occurs when parsing messages, specifically via Nested Auto URL. This vulnerability can be exploited to execute malicious scripts o...

CVE-2020-1898

The fbunserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58....

CVE-2020-1898

The fbunserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58....