WordPress Button Generator <2.3.3 - Remote File Inclusion

WordPress Button Generator before 2.3.3 within the wow-company admin menu page allows arbitrary file inclusion with PHP extensions as well as with data:// or http:// protocols, thus leading to cross-site request forgery and remote code execution. id: CVE-2021-25052 info: name: WordPress Button...

rapidscan

This is a Python-based web vulnerability scanner called RapidScan. It is designed to automate the process of security scanning by using a multitude of available Linux security tools and some custom scripts. The tool is still under development and currently supports around 80 vulnerability tests...

CVE-2021-24472

The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF Server...

kernel: wifi: iwlwifi: mvm: rfi: fix potential response leaks

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: rfi: fix potential response leaks The Linux kernel CVE team has assigned CVE-2024-35912 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051956-CVE-2024-35912-b093@gregkh/T...

kernel: wifi: iwlwifi: mvm: rfi: fix potential response leaks

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: rfi: fix potential response leaks The Linux kernel CVE team has assigned CVE-2024-35912 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051956-CVE-2024-35912-b093@gregkh/T...

CVE-2024-4498 Path Traversal and RFI Vulnerability in parisneo/lollms-webui

A Path Traversal and Remote File Inclusion RFI vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the /applysettings function, allowing an attacker to manipulate the discussiondbname...

CVE-2024-4498 Path Traversal and RFI Vulnerability in parisneo/lollms-webui

A Path Traversal and Remote File Inclusion RFI vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the /applysettings function, allowing an attacker to manipulate the discussiondbname...

CVE-2024-20405

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are...

CVE-2024-20405

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are...

CVE-2024-20405

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are...

CVE-2024-20405

CVE-2024-20405 affects Cisco Finesse, specifically the web-based management interface. The flaw arises from insufficient input validation for HTTP requests, enabling an unauthenticated, remote attacker to perform a stored XSS by exploiting a remote file inclusion (RFI) vulnerability. A crafted li...

wifi: iwlwifi: mvm: rfi: fix potential response leaks

...

CVE-2023-52740

In the Linux kernel, the following vulnerability has been resolved: powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch The RFI and STF security mitigation options can flip the interruptexitnotreentrant static branch condition concurrently with the interrupt exit code...

CVE-2023-52740

The CVE-2023-52740 issue affects the Linux kernel on powerpc64s where a race occurs during interrupt exit with security mitigations (RFI/STF). The root cause is that the interrupt_exit_not_reentrant condition can be flipped concurrently with the interrupt exit tests that set MSR[EE|RI], and then ...

SUSE CVE-2024-35912

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: rfi: fix potential response leaks If the rx payload length check fails, or if kmemdup fails, we still need to free the command response. Fix that...

CVE-2024-35912

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: rfi: fix potential response leaks If the rx payload length check fails, or if kmemdup fails, we still need to free the command response. Fix that...

UBUNTU-CVE-2024-35912

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: rfi: fix potential response leaks If the rx payload length check fails, or if kmemdup fails, we still need to free the command response. Fix that...

CVE-2024-35912 wifi: iwlwifi: mvm: rfi: fix potential response leaks

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: rfi: fix potential response leaks If the rx payload length check fails, or if kmemdup fails, we still need to free the command response. Fix that...

CVE-2024-35912

Technical details about CVE-2024-35912 are not provided in the connected documents. No information on affected products/versions/vulnerability specifics is available here; monitor for updates from vendor/security advisories.

CVE-2024-35912 wifi: iwlwifi: mvm: rfi: fix potential response leaks

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: rfi: fix potential response leaks If the rx payload length check fails, or if kmemdup fails, we still need to free the command response. Fix that...