The vulnerability of the amu_fie_setup() function in the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the amu_fie_setup() function in the arch/arm64/kernel/topology.c module of the Linux operating system is related to access to memory beyond the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility ...
SUSE CVE-2023-52809
In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup(). fc_lport_ptp_setup() did not check the return value of fc_rport_create(), which can return NULL and would cause a NULL pointer dereference. Address this issue by checki...
CVE-2024-3937
The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-3937 Playlist for Youtube <= 1.32 - Editor+ Stored XSS
The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
SUSE CVE-2021-47521
In the Linux kernel, the following vulnerability has been resolved: can: sja1000: fix use after free in ems_pcmcia_add_card(). If the last channel is not available then "dev" is freed. Fortunately, we can just use "pdev->irq" instead. Also we should check if at least one channel was set up...
SUSE CVE-2021-47399
In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup. The ixgbe driver currently generates a NULL pointer dereference with some machine online cpus ring_feature[RING_F_FDIR].limit = count; It becomes 63. When user use xdp,...
SUSE CVE-2021-47513
In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering. Avoid a memory leak if there is not a CPU port defined. Addresses-Coverity-ID: 1492897 "Resource leak" Addresses-Coverity-ID: 1492899 "Resource leak"...
Cross Site Scripting (XSS)
silverstripe/framework is vulnerable to Cross Site Scripting. The vulnerability is due to a lack of adminusername and adminpassword sanitation within the setup form...
DEBIAN-CVE-2021-47521
In the Linux kernel, the following vulnerability has been resolved: can: sja1000: fix use after free in ems_pcmcia_add_card(). If the last channel is not available then "dev" is freed. Fortunately, we can just use "pdev->irq" instead. Also we should check if at least one channel was set up...
DEBIAN-CVE-2021-47513
In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering. Avoid a memory leak if there is not a CPU port defined. Addresses-Coverity-ID: 1492897 "Resource leak" Addresses-Coverity-ID: 1492899 "Resource leak"...
UBUNTU-CVE-2021-47513
In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering. Avoid a memory leak if there is not a CPU port defined. Addresses-Coverity-ID: 1492897 "Resource leak" Addresses-Coverity-ID: 1492899 "Resource leak"...
UBUNTU-CVE-2021-47521
In the Linux kernel, the following vulnerability has been resolved: can: sja1000: fix use after free in ems_pcmcia_add_card(). If the last channel is not available then "dev" is freed. Fortunately, we can just use "pdev->irq" instead. Also we should check if at least one channel was set up...
CVE-2021-47521 can: sja1000: fix use after free in ems_pcmcia_add_card()
In the Linux kernel, the following vulnerability has been resolved: can: sja1000: fix use after free in ems_pcmcia_add_card(). If the last channel is not available then "dev" is freed. Fortunately, we can just use "pdev->irq" instead. Also we should check if at least one channel was set up...
CVE-2023-49575
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password an...
CVE-2023-49572
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an...
CVE-2023-49575 XSS vulnerability in VX Search Enterprise
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password an...
OESA-2024-1648 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: mm/slub: fix to return errno if kmalloc() fails. In create_unique_id(), kmalloc(, GFP_KERNEL) can fail due to out-of-memory, if it fails, return errno correctly rather tha...
PT-2024-13754 · Unknown · Vx Search Enterprise
Name of the Vulnerable Software and Affected Versions: VX Search Enterprise version 10.2.14 Description: A vulnerability has been discovered that could allow an attacker to execute persistent XSS through the "/setup smtp" API endpoint in the smtp server, smtp user, smtp password, and smtp email...
GHSA-MQF5-275H-GF6R Silverstripe framework is vulnerable to XSS in install.php
During installation, certain parameters adminusername and adminpassword are not escaped in the setup form. This issue is resolved in 3.1.14 stable, although existing users are advised to remove this file prior to deploying to a production server...
Silverstripe framework is vulnerable to XSS in install.php
During installation, certain parameters adminusername and adminpassword are not escaped in the setup form. This issue is resolved in 3.1.14 stable, although existing users are advised to remove this file prior to deploying to a production server...