Security update for bind
This update for bind fixes the following issues: CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively y...
CVE-2024-29003
The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction...
SUSE-SU-2025:0337-1 Security update for bind
This update for bind fixes the following issues: - CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596)...
Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408). CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405)...
CVE-2024-13732
The Responsive Blocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘section_tag’ parameter in all versions up to, and including, 1.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-13732 Responsive Blocks – WordPress Gutenberg Blocks <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via section_tag Parameter
The Responsive Blocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘section_tag’ parameter in all versions up to, and including, 1.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress Responsive Blocks plugin <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via section_tag Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via section_tag Parameter vulnerability discovered by zaim in WordPress Plugin Responsive Blocks versions <= 1.9.9...
PT-2025-2260 · WordPress · Responsive Blocks
Name of the Vulnerable Software and Affected Versions: Responsive Blocks – WordPress Gutenberg Blocks plugin for WordPress versions up to, and including, 1.9.9 Description: The issue is related to Stored Cross-Site Scripting via the section tag parameter due to insufficient input sanitization and...
ALPINE-CVE-2024-11187
It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources...
net: sched: use RCU read-side critical section in taprio_dump()
...
GHSA-VQR3-VRRG-F3JH NodeBB Cross-site scripting (XSS) vulnerability
A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile...
CVE-2024-57041
A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile...
CVE-2024-57041
NodeBB v3.11.0 contains a persistent XSS vulnerability in the user profile’s about me field that can store arbitrary code. Exploitation details are not provided in the connected documents, but the CVSS vector (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N) yields a base score of 4.6 (Medium) with network a...
CVE-2024-57945
In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Fix the out of bound issue of vmemmap address. In sparse vmemmap model, the virtual address of vmemmap is calculated as: ((struct page *)VMEMMAP_START - (phys_ram_base >> PAGE_SHIFT)). And the struct page's va can be calculated with ...
AZL-67845 CVE-2024-57945 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Fix the out of bound issue of vmemmap address. In sparse vmemmap model, the virtual address of vmemmap is calculated as: ((struct page *)VMEMMAP_START - (phys_ram_base >> PAGE_SHIFT)). And the struct page's va can be calculated with ...
UBUNTU-CVE-2024-57945
In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Fix the out of bound issue of vmemmap address. In sparse vmemmap model, the virtual address of vmemmap is calculated as: ((struct page *)VMEMMAP_START - (phys_ram_base >> PAGE_SHIFT)). And the struct page's va can be calculated with ...
CVE-2024-57945 riscv: mm: Fix the out of bound issue of vmemmap address
In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Fix the out of bound issue of vmemmap address. In sparse vmemmap model, the virtual address of vmemmap is calculated as: ((struct page *)VMEMMAP_START - (phys_ram_base >> PAGE_SHIFT)). And the struct page's va can be calculated with ...
CVE-2024-57945
CVE-2024-57945 (Linux kernel, riscv): In the sparse vmemmap model, an out-of-bounds virtual address could be computed for struct page if the first page in the phys_ram_base section does not have the expected PFN, causing VA to fall below VMEMMAP_START (and PCI_IO_END) during page initialization. ...