2269 matches found
WordPress Fabrica Synced Pattern Instances plugin <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Fabrica Synced Pattern Instances versions <= 1.0.8...
WordPress Fabrica Synced Pattern Instances Plugin <= 1.0.8 is vulnerable to Cross Site Scripting (XSS)
Software: Fabrica Synced Pattern Instances; Type: Plugin; Vulnerable versions: <= 1.0.8; Fixed in: 1.0.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51695; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 0fa9f1896c6c; Credits: João Pedro S...
MetaMask: Missing ^ Line Beginner Leads to Origin Spoofing
The vulnerability was identified in MetaMask's regex-based origin validation for endowments. Due to a missing caret ^ anchor at the beginning of the regex pattern, origin spoofing was possible. This oversight allowed malicious domains to be treated as trusted, bypassing intended security...
Malicious code in sc-pattern-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6cbcdc7facabe72ef42307c4747ea188fbeec7c3f4f2203bfab0770204dc01c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Denial-of-service due to unbounded pattern matching in Redis
...
UBUNTU-CVE-2024-46951
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution...
AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks
Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services (AWS) Cloud Development Kit (CDK) that could have resulted in an account takeover under specific circumstances. "The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access...
CVE-2024-20407
A vulnerability in the interaction between the TCP Intercept feature and the Snort 3 detection engine on Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies on an affected system. Devices that are configured with Snort 2 are no...
CVE-2024-20407
Cisco Firepower Threat Defense (FTD) Software contains a vulnerability in the interaction between the TCP Intercept feature and Snort 3 detection engine that could allow an unauthenticated, remote attacker to bypass configured policies and inject unintended traffic through an affected device. The...
SUSE CVE-2024-46951
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution...
PT-2024-33856
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58. Description: The issue is related to an integer overflow in the Linux kernel's DRM/AMD display module. Specifically, the sampling rate variable, which is a uint8_t, is assigned an unsigned int, leading t...
OESA-2024-2269 redis security update
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. Security Fixes: Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its...
OESA-2024-2272 redis security update
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. Security Fixes: Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its...
CVE-2024-38820 CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...
Fedora: Security Advisory (FEDORA-2024-8a9a692906)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 40 : redis (2024-5d4eb04e76)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5d4eb04e76 advisory. Redis Community Edition 7.2.6 Released Wed 02 Oct 2024 20:17:04 IDT Upgrade urgency SECURITY: See security fixes below. Security fixes CVE-2024-3144...
CVE-2024-9616
The CVE-2024-9616 entry concerns BlockMeister – Block Pattern Builder for WordPress. A Reflected Cross-Site Scripting flaw exists in all versions up to 3.1.10 due to use of add_query_arg without proper escaping, enabling unauthenticated attackers to inject scripts into pages that run when a user ...
CVE-2024-9616 BlockMeister – Block Pattern Builder <= 3.1.10 - Reflected Cross-Site Scripting
The BlockMeister – Block Pattern Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.10. This makes it possible for unauthenticated attackers to inject arbitrar...
PT-2024-39721 · WordPress · The Blockmeister – Block Pattern Builder
Name of the Vulnerable Software and Affected Versions: The BlockMeister – Block Pattern Builder plugin for WordPress versions up to, and including, 3.1.10. Description: The issue arises from the use of add_query_arg without proper escaping on the URL, leading to Reflected Cross-Site Scripting. Thi...
WordPress BlockMeister – Block Pattern Builder plugin <= 3.1.10 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin BlockMeister – Block Pattern Builder versions <= 3.1.10...