PT-2024-32463 · Unknown · Contiki-Ng

Name of the Vulnerable Software and Affected Versions: Contiki-NG versions prior to the next release after 4.9 Description: The issue is related to an unaligned memory access in the Contiki-NG operating system, specifically in its two RPL implementations. This can be triggered when an IPv6 packet...

CVE-2024-53253

Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...

CVE-2024-53253

CVE-2024-53253 affects Sentry v24.11.0 (self-hosted); a specific error message could leak plaintext integration Client ID and Client Secret in an HTTP response when a failing third‑party response triggers select-requester.invalid-response during a Search UI async flow. The leak does not grant dat...

CVE-2024-53253 Sentry's improper error handling leaks Application Integration Client Secret

Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...

CVE-2024-51838

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in smajda Pull This pull-this allows DOM-Based XSS.This issue affects Pull This: from n/a through = 1.1...

CVE-2024-51838 WordPress Pull This plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jon Smajda Pull This allows DOM-Based XSS.This issue affects Pull This: from n/a through 1.1...

CVE-2024-51838 WordPress Pull This plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in smajda Pull This pull-this allows DOM-Based XSS.This issue affects Pull This: from n/a through = 1.1...

CVE-2024-51838

CVE-2024-51838 describes a DOM-based XSS in the WordPress plugin Pull This (by Jon Smajda), affecting versions from n/a through 1.1. The issue is triggered by improper input neutralization during web page generation. The connected documents confirm the vulnerability type and affected plugin, and ...

WordPress plugin Pull This 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2024-52867

guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns e.g., for setuid and setgid programs are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, a...

CVE-2024-52867

guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns e.g., for setuid and setgid programs are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, a...

CVE-2024-52867

guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns e.g., for setuid and setgid programs are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, a...

CVE-2024-52867

guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns e.g., for setuid and setgid programs are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, a...

CVE-2024-52867

guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns e.g., for setuid and setgid programs are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, a...

kernel: geneve: make sure to pull inner header in geneve_rx()

In the Linux kernel, the following vulnerability has been resolved: geneve: make sure to pull inner header in geneverx syzbot triggered a bug in geneverx 1 Issue is similar to the one I fixed in commit 8d975c15c0cd "ip6tunnel: make sure to pull inner header in ip6tnlrcv" We have to save...

WordPress plugin Debug Tool 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Pull This plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Pull This versions = 1.1...

WordPress Pull This Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software Pull This Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51838 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 538facb51ff5 Credits SOPROBRO Required privilege Contributor Publishe...

SUSE CVE-2024-49978

In the Linux kernel, the following vulnerability has been resolved: gso: fix udp gso fraglist segmentation after pull from fraglist Detect gso fraglist skbs with corrupted geometry see below and pass these to skbsegment instead of skbsegmentlist, as the first can segment them correctly. Valid...

CVE-2024-49979

In the Linux kernel, the following vulnerability has been resolved: net: gso: fix tcp fraglist segmentation after pull from fraglist Detect tcp gso fraglist skbs with corrupted geometry see below and pass these to skbsegment instead of skbsegmentlist, as the first can segment them correctly. Vali...