146 matches found
PT-2024-29166 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises when replacing an old shmem folio with a new one, causing mem cgroup migrate to clear the old folio's memcg data. As a result, the old folio cannot obtain the correct...
PT-2024-30632 · WordPress · Codesigner Woocommerce Builder For Elementor
Name of the Vulnerable Software and Affected Versions: The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress versions up to, and including, 4.4.1 Description: The issue is related to PHP Object Injection via deserialization of...
DEBIAN-CVE-2024-35872
In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fix GUP-fast succeeding on secretmem folios folioissecretmem currently relies on secretmem folios being LRU folios, to save some cycles. However, folios might reside in a folio batch without the LRU flag set, or...
UBUNTU-CVE-2024-35872
In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fix GUP-fast succeeding on secretmem folios folioissecretmem currently relies on secretmem folios being LRU folios, to save some cycles. However, folios might reside in a folio batch without the LRU flag set, or...
kernel: kernel: Denial of Service via memory leak in LRU hash maps
A flaw was found in the Linux kernel. A local user could exploit a memory leak vulnerability in the Least Recently Used LRU and LRUPERCPU hash maps. This occurs when the kernel allocates a new element during a map update but fails to release it if the hash table bucket cannot be locked. Repeated...
kernel: drm/ttm: fix bulk_move corruption when adding a entry
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix bulkmove corruption when adding a entry When the resource is the first in the bulkmove range, adding it again thus moving it to the tail will corrupt the list since the first pointer is not moved. This eventually lea...
PT-2024-8381 · Linux +7 · Linux Kernel +7
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the cachestat component in the Linux kernel, which can cause errors when racing with swapping and invalidation. There are two possible bugs: a swapin error can...
CVE-2024-24797
Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On.This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through 1.3...
CVE-2024-24797
Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On.This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through 1.3...
Deserialization of untrusted data
Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On.This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through 1.3...
CVE-2024-24797 WordPress ERE Recently Viewed Plugin <= 1.3 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On.This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through 1.3...
CVE-2024-24797
CVE-2024-24797 affects the WordPress plugin ERE Recently Viewed – Essential Real Estate Add-On (G5Theme) with Deserialization of Untrusted Data leading to unauthenticated PHP Object Injection. Affected versions are 1.3 and earlier; patch available in version 2.0. The CVE is rated CRITICAL (CVSS 3...
CVE-2024-24797 WordPress ERE Recently Viewed Plugin <= 1.3 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On.This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through 1.3...
WordPress Plugin ERE Recently Viewed Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...
ERE Recently Viewed < 2.0 - Unauthenticated PHP Object Injection
Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker...
WordPress ERE Recently Viewed Plugin <= 1.3 is vulnerable to PHP Object Injection
Software ERE Recently Viewed Type Plugin Vulnerable versions = 1.3 Fixed in 2.0 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-24797 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 835850fa9817 Credits Yudistira Arya Required privilege...
CVE-2023-34027
Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products.This issue affects Recently Viewed Products: from n/a through 1.0.0...
CVE-2023-34027
Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products.This issue affects Recently Viewed Products: from n/a through 1.0.0...
Deserialization of untrusted data
Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products.This issue affects Recently Viewed Products: from n/a through 1.0.0...
CVE-2023-34027
CVE-2023-34027: WordPress Recently Viewed Products plugin ≤1.0.0 is reported vulnerable to unauthenticated PHP object injection (deserialization of untrusted data). Public sources in the connected documents identify the affected software and version range, with the vulnerability title/description...