CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover
Affected Packages: The issue impacts only editor instances with enabled version notifications. Please note that this feature is disabled by default in all CKEditor 4 LTS versions. Therefore, if you use CKEditor 4 LTS, it is highly unlikely that you are affected by this vulnerability. If you are...
Code Snippet GeSHi plugin in CKEditor 4 has reflected cross-site scripting (XSS) vulnerability
Affected packages: The vulnerability has been discovered in Code Snippet GeSHi plugin. All integrators that use GeSHi syntax highlighter on the backend side can be affected. Impact: A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a...
CVE-2024-8003 Go-Tribe gotribe-admin Log routes.go InitRoutes deserialization
A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic. Affected by this issue is the function InitRoutes of the file internal/app/routes/routes.go of the component Log Handler. The manipulation leads to deserialization. The patch is identified as...
LSN-0106-1 Kernel Live Patch Security Notice
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets. Never used from userspace, disallow these parameters. CVE-2023-52620 In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work...
CVE-2023-42363 affecting package busybox for versions less than 1.35.0-11
CVE-2023-42363 affecting package busybox for versions less than 1.35.0-11. A patched version of the package is available...
CVE-2024-43851 soc: xilinx: rename cpu_number1 to dummy_cpu_number
In the Linux kernel, the following vulnerability has been resolved: soc: xilinx: rename cpu_number1 to dummy_cpu_number. The per cpu variable cpu_number1 is passed to xlnx_event_handler as argument "dev_id", but it is not used in this function. So drop the initialization of this variable and rename it to...
Medium: php8.2
Issue Overview: The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/138...
Medium: nodejs
Issue Overview: NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/ CVE-2024-27982 Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. This...
CVE-2024-0684 affecting package coreutils for versions less than 9.4-5
CVE-2024-0684 affecting package coreutils for versions less than 9.4-5. A patched version of the package is available...
CVE-2024-42071 affecting package kernel for versions less than 6.6.43.1-7
CVE-2024-42071 affecting package kernel for versions less than 6.6.43.1-7. A patched version of the package is available...
CVE-2023-46838 affecting package kernel for versions less than 6.6.35.1-4
CVE-2023-46838 affecting package kernel for versions less than 6.6.35.1-4. A patched version of the package is available...
CVE-2024-24857 affecting package kernel for versions less than 6.6.35.1-4
CVE-2024-24857 affecting package kernel for versions less than 6.6.35.1-4. A patched version of the package is available...
Command Injection in sequenceserver
Impact: Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. Patches: Fixed in 3.1.2. Workarounds: No known workarounds...
CVE-2024-21634
A vulnerability was found in Amazon Ion, an implementation of Ion data notation. Ion-java may be affected by denial of service (DoS) due to issues while deserializing encoded data into IonValue. A maliciously crafted Ion data structure may be processed and cause a StackOverflowError, leaving the...
Command Injection in sequenceserver gem
Impact: Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. Patches: Fixed in 3.1.2. Workarounds: No known workarounds...
orc security update
0.4.28-4 - Add patch for CVE-2024-40897 - Resolves: RHEL-50710...
PT-2024-5695 · Microsoft · Kernel Streaming Wow Thunk Service Driver +1
Name of the Vulnerable Software and Affected Versions: Windows Kernel Streaming WOW Thunk Service Driver versions prior to the fixed version Description: The issue is related to a buffer overflow in the dynamic memory of the Kernel Streaming WOW Thunk Service Driver, which can be exploited to...
CVE-2024-42485 Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint
Filament Excel enables excel export for Filament admin resources. The export download route /filament-excel/path allowed downloading any file without login when the webserver allows ../ in the URL. Patched with Version v2.3.3...
CVE-2024-42467
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, the proxy endpoint of openHAB's CometVisu add-on can be accessed without authentication. This proxy-feature can be exploited as Server-Side Request Forger...
PT-2024-38485 · Gila Cms · Gila Cms
Name of the Vulnerable Software and Affected Versions: Gila CMS version 1.10.9 Description: A problematic issue was found in Gila CMS, affecting an unknown part of the file /cm/update_rows/page?id=2 within the HTTP POST Request Handler component. The manipulation of the content argument leads to...