1197 matches found

NVD
added 2021/07/06 11:15 a.m. · 13 views

CVE-2021-24494

The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape some of the fields in the Activity page of the admin dashboard, such as the email's id, subject and recipient, which could lead to Stored Cross-Site Scripting issues when an attacker can control any of these fields, like the...

5.4 CVSS · 0.00465 EPSS
Exploits 2 · References 1

CVE
added 2021/07/06 11:3 a.m. · 61 views

CVE-2021-24494

CVE-2021-24494 affects the WordPress plugin WP Offload SES Lite (before 1.4.5). The vulnerability stems from not escaping certain fields on the Activity page of the admin dashboard (e.g., email id, subject, recipient), allowing a Stored XSS when an attacker can control those fields (for example v...

5.4 CVSS · 5.3 AI score · 0.00465 EPSS
Exploits 2 · References 1 · Affected Software 1

CNNVD
added 2021/07/06 12:0 a.m. · 3 views

WordPress plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress WP Offload SES Lite plugin prior to version 1.4.5...

5.4 CVSS · 5.3 AI score · 0.00465 EPSS
Exploits 2 · References 2

Patchstack
added 2021/06/30 12:0 a.m. · 164 views

WordPress WP Offload SES Lite plugin <= 1.4.4 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Ionut Morosan in WordPress WP Offload SES Lite plugin versions <= 1.4.4. Solution: Update the WordPress WP Offload SES Lite plugin to the latest available version (at least 1.4.5)...

5.4 CVSS · 1.9 AI score · 0.00465 EPSS
Exploits 2 · References 2 · Affected Software 1

WPVulnDB
added 2021/06/29 12:0 a.m. · 26 views

WP Offload SES Lite < 1.4.5 - Stored Cross-Site Scripting (XSS)

The plugin did not escape some of the fields in the Activity page of the admin dashboard, such as the email's id, subject and recipient, which could lead to Stored Cross-Site Scripting issues when an attacker can control any of these fields, like the subject when filling a contact form for exampl...

5.4 CVSS · 1.1 AI score · 0.00465 EPSS
Exploits 2 · References 1 · Affected Software 1

OSV
added 2021/06/25 12:8 a.m. · 9 views

UVI-2021-1000802 sch_htb: fix refcount leak in htb_parent_to_leaf_offload

sch_htb: fix refcount leak in htb_parent_to_leaf_offload. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.10 by commit...

7.2 AI score
Exploits 0

Positive Technologies
added 2021/06/04 12:0 a.m. · 2 views

PT-2024-11177 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A refcount leak issue has been identified in the Linux kernel, specifically in the htb_parent_to_leaf_offload function. The commit ae81feb7338c, which aimed to fix a NULL pointer...

5.5 CVSS · 6.3 AI score · 0.00017 EPSS
Exploits 0 · References 13

Positive Technologies
added 2021/06/01 12:0 a.m. · 2 views

PT-2024-11181 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free vulnerability has been resolved in the Linux kernel. The issue occurs when a netdev with active TLS offload goes down, and the TLS context is deallocated, but the sock...

9.8 CVSS · 6.7 AI score · 0.0072 EPSS
Exploits 12 · References 1290

Citrix
added 2021/04/28 12:0 a.m. · 6 views

Failed to publish image with platform layer if offload Compositing feature is enabled.

When the offload Compositing feature is enabled, you may fail to publish an image that contains a platform layer. The ELM log shows the following error: "An unexpected error occurred; export the log files and notify Technical Support that this error occurred."...

7 AI score
Exploits 0

Citrix
added 2021/02/18 12:0 a.m. · 6 views

App Layering 2011 : After ELM Upgrade to 2011 from 2005, adding layer version gives "The issuing certificate does not have a usable private key."

--after upgrading ELM from 2005 to 2011 -- getting an error when we try to add a version to a layer "The issuing certificate does not have a usable private key." -- have offload compositing enabled on vCentre connectors...

7 AI score
Exploits 0

Tenable Nessus
added 2021/01/25 12:0 a.m. · 31 views

openSUSE Security Update : gcc7 (openSUSE-2020-2301)

This update for gcc7 fixes the following issues : - CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation issue bsc1172798 - Enable fortran for the nvptx offload compiler. - Update README.First-for.SuSE.packagers - avoid assembler errors with AVX512 gather and scatter instruction...

5.5 CVSS · 7 AI score · 0.00137 EPSS
Exploits 0 · References 9

OSV
added 2020/09/03 6:15 p.m. · 1 views

UBUNTU-CVE-2020-10720

A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system...

5.5 CVSS · 6.7 AI score · 0.00129 EPSS
Exploits 0 · References 5

Akamai Blog
added 2020/07/07 6:23 p.m. · 30 views

Is 97% Network Traffic Offload Interesting?

Sports, gaming, and other live events have the potential to overwhelm network capacity due to the sheer volume of traffic generated when large numbers of viewers or gamers engage. These "peak" events may only occur once a month or even once a year: sports championships, election results, gaming...

0.1 AI score
Exploits 0

RedHat Linux
added 2020/07/07 1:23 p.m. · 2 views

kernel: use-after-free read in napi_gro_frags() in the Linux kernel

A flaw was found in the Linux kernel’s implementation of GRO. This flaw allows an attacker with local access to crash the system...

5.5 CVSS · 7.1 AI score · 0.00129 EPSS
Exploits 0 · References 5

CNVD
added 2020/05/19 12:0 a.m. · 1 views

Linux kernel resource management error vulnerability (CNVD-2020-50138)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A resource management error vulnerability exists in GRO in Linux kernel. A local attacker could exploit this vulnerability to cause a system crash...

5.5 CVSS · 6 AI score · 0.00129 EPSS
Exploits 0 · References 1

Positive Technologies
added 2020/05/06 12:0 a.m. · 8 views

PT-2022-1733 · Linux +10 · Linux Kernel +10

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 5.4 through 5.6.10. Description: The issue is related to a heap out-of-bounds write in the netfilter subsystem of the Linux kernel, specifically in the nf_dup_netdev.c file. This can allow local users to gain privileges o...

9.8 CVSS · 6.3 AI score · 0.85239 EPSS
Exploits 371 · References 1500

RedHat Linux
added 2020/04/28 3:43 p.m. · 1 views

kernel: net/mlx5e: Check for NOT_READY flag state after locking

A race condition was found in the Linux kernel Mellanox mlx5 network driver's traffic control offload flow management. A local user with privileges to configure traffic control flower filters can trigger concurrent flow deletion operations where the NOT_READY flag is checked before acquiring the...

4.7 CVSS · 6.8 AI score · 0.00013 EPSS
Exploits 0 · References 5

RedHat Linux
added 2020/04/28 3:43 p.m. · 1 views

kernel: net/sched: cbs NULL pointer dereference when offloading is enabled

A NULL pointer dereference flaw was found in the Linux kernel's network scheduler. This issue occurs when offloading is enabled: the cbs instance is not added to the list. The code also incorrectly handles the case when offload is disabled without removing the qdisc. This could allow a local user...

5.5 CVSS · 7.3 AI score · 0.00077 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2020/04/23 12:0 a.m. · 33 views

Cisco IOS and IOS XE Software Denial of Service Vulnerability (cisco-sa-20180328-bfd)

A denial of service (DoS) vulnerability exists in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches due to insufficient error handling when the BFD header in a BFD packet is incomplete. An...

8.6 CVSS · 7.8 AI score · 0.14503 EPSS
Exploits 0 · References 3

Veracode
added 2020/04/10 1:8 a.m. · 36 views

Denial Of Service (DoS)

The kernel is vulnerable to denial of service (DoS). The vulnerability exists because of a flaw in the way the Linux kernel handled fragmented IPv6 UDP datagrams over the bridge with UDP Fragmentation Offload (UFO) functionality on. A remote attacker could use this flaw to cause a denial of service...

7.1 CVSS · 2 AI score · 0.01502 EPSS
Exploits 1 · References 14 · Affected Software 2