The vulnerability of the sdhci_write_dataport function in the QEMU hardware emulation software allows a hacker to cause a service failure.

The vulnerability of the sdhciwritedataport function in the QEMU hardware emulation software is related to overflow in the queue, caused by the parameters s-datacount and s-fifobuffer. Exploiting this vulnerability can allow a hacker to cause a service failure...

PT-2024-26758

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue arises when an skb is added to a neigh-arp queue while waiting for an arp reply, and the original skb's skb-dev can be different from neigh's neigh-dev. This can occur in...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not reclaiming a buffer when the Rx queue is full...

GHSA-W9P3-26FX-5MP3 eZ Platform Admin UI is vulnerable to Cross-site Scripting (XSS)

There is an XSS vulnerability in CKEditor, which is used by AlloyEditor, which is used in eZ Platform Admin UI. Scripts can be injected through specially crafted "protected" comments. We are not sure it is exploitable in eZ Platform, but recommend installing it to be on the safe side. It is fixed...

eZ Platform Admin UI is vulnerable to Cross-site Scripting (XSS)

There is an XSS vulnerability in CKEditor, which is used by AlloyEditor, which is used in eZ Platform Admin UI. Scripts can be injected through specially crafted "protected" comments. We are not sure it is exploitable in eZ Platform, but recommend installing it to be on the safe side. It is fixed...

eZ Platform Editor Cross-site Scripting (XSS)

This Security Advisory is about two issues of low to medium severity. We recommend that you install the update as soon as possible. There is an XSS vulnerability in CKEditor, which is used by AlloyEditor, which is used in eZ Platform Admin UI. Scripts can be injected through specially crafted...

GHSA-4C2W-V5RQ-5MX7 eZ Platform Editor Cross-site Scripting (XSS)

This Security Advisory is about two issues of low to medium severity. We recommend that you install the update as soon as possible. There is an XSS vulnerability in CKEditor, which is used by AlloyEditor, which is used in eZ Platform Admin UI. Scripts can be injected through specially crafted...

CVE-2024-31856

An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote code...

PT-2024-40068 · Ez Systems +2 · Ez Platform +5

Name of the Vulnerable Software and Affected Versions: eZ Platform versions 1.13.x through 3.1.2 eZ Platform EE versions 2.5.13 through 3.1.2 CKEditor versions prior to 4.14 AlloyEditor versions prior to 2.11.9 Description: There are two security issues of low to medium severity. The first issue ...

The vulnerability of the `flush_all_cpus_locked()` function in the `mm/slub.c` module of the Linux kernel’s memory management subsystem allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the flushallcpuslocked function in the mm/slub.c module of the Linux kernel’s memory management subsystem is related to the use of an incorrect queue for task execution. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

PT-2024-40496 · Ez Systems +1 · Ez Platform +4

Name of the Vulnerable Software and Affected Versions: eZ Platform versions prior to 1.13.x with ezsystems/PlatformUIAssetsBundle version 4.2.3 eZ Platform version 2.5.13 with ezsystems/ezplatform-admin-ui-assets version 4.2.1 eZ Platform version 3.0. with ezsystems/ezplatform-admin-ui-assets...

ZEIT Next.js 环境问题漏洞

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. An environmental issue vulnerability exists in ZEIT Next.js versions 13.4 through prior to 13.5.1 that stems from the presence of a response queue poisoning vulnerability...

CVE-2024-34701 CreateWiki vulnerable to impersonation of wiki requester

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...

PT-2024-26118 · Unknown · Createwiki

Name of the Vulnerable Software and Affected Versions: CreateWiki affected versions not specified Description: The issue allows users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki...

GHSA-77R5-GW3J-2MPF Next.js Vulnerable to HTTP Request Smuggling

Impact Inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to...

Next.js Vulnerable to HTTP Request Smuggling

Impact Inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to...

CVE-2024-34350 Next.js Vulnerable to HTTP Request Smuggling

Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses...

CVE-2024-34350 Next.js Vulnerable to HTTP Request Smuggling

Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses...

PT-2024-25807 · Next.Js · Next.Js

Name of the Vulnerable Software and Affected Versions: Next.js versions prior to 13.5.1 Description: The issue arises from an inconsistent interpretation of crafted HTTP requests, leading to desynchronized responses and a response queue poisoning vulnerability. This occurs when the affected route...

SUSE CVE-2022-48673

In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix possible access to freed memory in link clear After modifying the QP to the Error state, all RX WR would be completed with WC in IBWCWRFLUSHERR status. Current implementation does not wait for it is done, but destroy...