CVE-2025-0370

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘src’ parameter in all versions up to, and including, 7.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Pichome 路径遍历漏洞

Pichome is zyx0814 individual developer of a powerful open source web site program for image and media file management. A path traversal vulnerability exists in Pichome version 2.1.0, which stems from the parameter src in the file /index.php?mod=textviewer, which can lead to path traversal...

Security update for buildah

This update for buildah fixes the following issues: Update to version 1.35.5 CVE-2024-11218: Fix TOCTOU error when bind and cache mounts use "src" values. bsc1236272 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

DEBIAN-CVE-2024-56717

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: fix incorrect IFH SRCPORT field in ocelotifhsetbasic Packets injected by the CPU should have a SRCPORT field equal to the CPU port module index in the Analyzer block ocelot-numphysports. The blamed commit copie...

CVE-2024-56717

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: fix incorrect IFH SRCPORT field in ocelotifhsetbasic Packets injected by the CPU should have a SRCPORT field equal to the CPU port module index in the Analyzer block ocelot-numphysports. The blamed commit copie...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper handling of the SRCPORT field in the ocelotifhsetbasic function in the net:mscc module, which could...

iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, the strcpy function consistently fails to control the size, and it is consequently possible to overflow memory on the stack.

...

Medium: firefox

Issue Overview: Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This...

DEBIAN-CVE-2024-52949

iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, the strcpy function consistently fails to control the size, and it is consequently possible to overflow memory on the stack...

WordPress plugin Primer MyData for Woocommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2024-37029

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74 Description The issue is related to the net: mscc: ocelot: fix incorrect IFH SRC PORT field in ocelot ifh set basic function. Packets injected by the CPU should have a SRC PORT field equal to the CPU port...

firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims

The Mozilla Foundation's Security Advisory: Enhanced Tracking Protection's Strict mode may inadvertently allow a CSP frame-src bypass and DOM-based cross-site scripting XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames...

firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims

The Mozilla Foundation's Security Advisory: Enhanced Tracking Protection's Strict mode may inadvertently allow a CSP frame-src bypass and DOM-based cross-site scripting XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames...

firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims

The Mozilla Foundation's Security Advisory: Enhanced Tracking Protection's Strict mode may inadvertently allow a CSP frame-src bypass and DOM-based cross-site scripting XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames...

CVE-2024-48406

Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed in v.0.3.3 allows an attacker to execute arbitrary code via the poweructintt x, uctintt n in src/uctupstream.c...

CVE-2024-48406

CVE-2024-48406 affects SunBK201 umicat up to v0.3.2 with a buffer overflow in the power(uct_int_t x, uct_int_t n) function in src/uct_upstream.c, fixed in v0.3.3. Public disclosures across Red Hat, NVD, OSV, and CVE lists confirm an arbitrary code execution vulnerability. Impact is tied to remote...

CVE-2024-48406

Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed in v.0.3.3 allows an attacker to execute arbitrary code via the poweructintt x, uctintt n in src/uctupstream.c...

Mageia: Security Advisory (MGASA-2024-0376)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-42331

In the src/libs/zbxembed/browser.c file, the esbrowserctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browserpusherror method in the src/libs/zbxembed/browsererror.c file. A use-after-free bug can occur at this stage if th...

CVE-2024-42331

In the src/libs/zbxembed/browser.c file, the esbrowserctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browserpusherror method in the src/libs/zbxembed/browsererror.c file. A use-after-free bug can occur at this stage if th...