CVE-2025-67479 Magic word replacement in legacy parser allows using reserved data attributes through wikitext
Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Cite. This vulnerability is associated with program files includes/Parser/CoreParserFunctions.Php, includes/Parser/Sanitizer.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1; Cite: from before 1.39.14,...
CVE-2025-67479
CVE-2025-67479 is a MediaWiki vulnerability (Cite context) involving magic word replacement in the legacy parser that allows using reserved data attributes via wikitext. Affected are MediaWiki releases before 1.39.14, 1.43.4, and 1.44.1; Cite module is also listed as affected. Debian LTS advisory...
CVE-2025-62659
The CVE-2025-62659 issue affects the MediaWiki CookieConsent extension for Cookie consent management. It is a Cross-Site Scripting (XSS) vulnerability caused by improper handling of reserved data attributes in the Sanitizer::validateAttributes() function, enabling arbitrary scripts to run in a us...
CVE-2025-62659 The CookieConsent extension does not properly use reserved data attributes, thus introducing potential XSS vectors
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki CookieConsent extension allows Cross-Site Scripting (XSS). This issue affects MediaWiki CookieConsent extension: from v0.1.0 before v2.0.0...
CVE-2025-59839
Summary (CVE-2025-59839): The Star Citizen Wiki EmbedVideo Extension (MediaWiki) versions 4.0.0 and earlier allowed adding arbitrary HTML attributes via wikitext, enabling stored XSS through non-reserved data attributes (e.g., data-iframeconfig). Evidence from multiple sources notes this XSS clas...
SUSE CVE-2022-49880
In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in 'ext4_da_release_space' Syzkaller report issue as follows: EXT4-fs loop0: Free/Dirty block details EXT4-fs loop0: freeblocks=0 EXT4-fs loop0: dirtyblocks=0 EXT4-fs loop0: Block reservation details EXT4-fs loop0:...
DEBIAN-CVE-2022-49880
In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in 'ext4_da_release_space' Syzkaller report issue as follows: EXT4-fs loop0: Free/Dirty block details EXT4-fs loop0: freeblocks=0 EXT4-fs loop0: dirtyblocks=0 EXT4-fs loop0: Block reservation details EXT4-fs loop0:...
CVE-2022-49880 ext4: fix warning in 'ext4_da_release_space'
In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in 'ext4_da_release_space' Syzkaller report issue as follows: EXT4-fs loop0: Free/Dirty block details EXT4-fs loop0: freeblocks=0 EXT4-fs loop0: dirtyblocks=0 EXT4-fs loop0: Block reservation details EXT4-fs loop0:...
Infinera hiT 7300 security vulnerability
The Infinera hiT 7300 is a software-defined networking SDN-ready coherent packet-optical transport system from Infinera USA. A security vulnerability exists in the Infinera hiT 7300 version 5.60.50, which stems from a hidden feature in the web interface that allows a remote, authenticated attacke...
SUSE CVE-2024-44972
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
DEBIAN-CVE-2024-44972
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clear page dirty inside extent_write_locked_range BUG For subpage + zoned case, the following workload can lead to rsv data leak at unmount time: mkfs.btrfs -f -s 4k $dev mount $dev $mnt fsstress -w -n 8 -d $mnt -s...
gtk-vnc security, bug fix, and enhancement update
0.7.0-2 - Fix reserved data size rhbz 1416783 - Fix inverted args in tests rhbz 1416783 - Avoid sign extension problems rhbz 1416783 - Fix crash with opening via GSocketAddress rhbz 1416783 - Fix crash & error reporting during connection timeout rhbz 1441120 - Fix incompatibility with libvncserve...