452 matches found

Cvelist
added 2025/05/15 8:6 p.m. · 7 views

CVE-2024-11266 Geocache Stat Bar Widget <= 0.911 - Admin+ Stored XSS

The Geocache Stat Bar Widget WordPress plugin through 0.911 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

0.00166 EPSS
Exploits: 1 · References: 1

CVE
added 2025/05/15 8:6 p.m. · 21 views

CVE-2024-11266

CVE-2024-11266 concerns the Geocache Stat Bar Widget WordPress plugin, up to version 0.911, which does not sufficiently sanitize/escape certain settings. This can let high-privilege users (e.g., admins) perform Stored Cross-Site Scripting even when unfiltered_html is disallowed, particularly in m...

4.8 CVSS · 5.7 AI score · 0.00166 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2025/05/15 8:6 p.m. · 4 views

CVE-2024-11266 Geocache Stat Bar Widget <= 0.911 - Admin+ Stored XSS

The Geocache Stat Bar Widget WordPress plugin through 0.911 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

4.7 AI score · 0.00166 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2025/05/15 12:0 a.m. · 2 views

PT-2025-21417 · WordPress · Geocache Stat Bar Widget

Name of the Vulnerable Software and Affected Versions: Geocache Stat Bar Widget WordPress plugin versions 0.911 and earlier
Description: The issue concerns the Geocache Stat Bar Widget WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow...

4.8 CVSS · 4.7 AI score · 0.00166 EPSS
Exploits: 1 · References: 3

CNNVD
added 2025/05/15 12:0 a.m. · 1 views

WordPress plugin Geocache Stat Bar Widget security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

4.8 CVSS · 4.8 AI score · 0.00166 EPSS
Exploits: 1 · References: 1

OSV
added 2025/04/01 4:15 p.m. · 1 views

AZL-60354 CVE-2025-21898 affecting package kernel for versions less than 5.15.180.1-1

In the Linux kernel, the following vulnerability has been resolved: ftrace: Avoid potential division by zero in function_stat_show(). Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64} produce zero and skip stddev computation in that case. For now don't care about rec->counter * rec->counter...

5.5 CVSS · 6.7 AI score · 0.00022 EPSS
Exploits: 0 · References: 1

CVE
added 2025/04/01 3:26 p.m. · 150 views

CVE-2025-21898

CVE-2025-21898 (Linux kernel): The vulnerability centers on ftrace calculation in function_stat_show(), where division-by-zero could occur during stddev computation. The fix introduces a check on the denominator expression x * (x - 1) * 1000, ensuring it does not produce zero before performing t...

5.5 CVSS · 7.4 AI score · 0.00022 EPSS
Exploits: 0 · References: 10 · Affected Software: 1

Cvelist
added 2025/04/01 3:26 p.m. · 9 views

CVE-2025-21898 ftrace: Avoid potential division by zero in function_stat_show()

In the Linux kernel, the following vulnerability has been resolved: ftrace: Avoid potential division by zero in function_stat_show(). Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64} produce zero and skip stddev computation in that case. For now don't care about rec->counter * rec->counter...

0.00022 EPSS
Exploits: 0 · References: 8

Vulnrichment
added 2025/04/01 3:26 p.m. · 1 views

CVE-2025-21898 ftrace: Avoid potential division by zero in function_stat_show()

In the Linux kernel, the following vulnerability has been resolved: ftrace: Avoid potential division by zero in function_stat_show(). Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64} produce zero and skip stddev computation in that case. For now don't care about rec->counter * rec->counter...

7.8 AI score · 0.00022 EPSS
Exploits: 0 · References: 8

Positive Technologies
added 2025/03/10 12:0 a.m. · 1 views

PT-2025-16666

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the nfsd_proc_stat_init() function ignoring the return value of svc_proc_register(). If the procfile creation...

5.5 CVSS · 6.6 AI score · 0.00019 EPSS
Exploits: 0

SUSE CVE
added 2025/02/27 3:10 a.m. · 1 views

SUSE CVE-2022-49199

In the Linux kernel, the following vulnerability has been resolved: RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit(). This code checks "index" for an upper bound but it does not check for negatives. Change the type to unsigned to prevent underflows...

5.5 CVSS · 6.7 AI score · 0.00111 EPSS
Exploits: 0 · References: 7

SUSE CVE
added 2025/02/27 3:8 a.m. · 1 views

SUSE CVE-2022-49353

In the Linux kernel, the following vulnerability has been resolved: powerpc/papr_scm: don't requests stats with '0' sized stats buffer. Sachin reported [1] that on a POWER-10 lpar he is seeing a kernel panic being reported with vPMEM when papr_scm probe is being called. The panic is of the form below...

5.5 CVSS · 6.7 AI score · 0.00091 EPSS
Exploits: 0 · References: 6

OSV
added 2025/02/26 7:1 a.m. · 1 views

DEBIAN-CVE-2022-49688

In the Linux kernel, the following vulnerability has been resolved: afs: Fix dynamic root getattr. The recent patch to make afs_getattr() consult the server didn't account for the pseudo-inodes employed by the dynamic root-type afs superblock not having a volume or a server to access, and thus an oop...

5.5 CVSS · 5.3 AI score · 0.00059 EPSS
Exploits: 0 · References: 1

OSV
added 2025/02/26 7:1 a.m. · 2 views

DEBIAN-CVE-2022-49436

In the Linux kernel, the following vulnerability has been resolved: powerpc/papr_scm: Fix leaking nvdimm_events_map elements. Right now 'char *' elements allocated for individual 'stat_id' in 'papr_scm_priv.nvdimm_events_map' during papr_scm_pmu_check_events(), get leaked in papr_scm_remove() and papr_scm_pmu_register(),...

5.5 CVSS · 5.6 AI score · 0.00126 EPSS
Exploits: 0 · References: 1

OSV
added 2025/02/26 7:1 a.m. · 0 views

UBUNTU-CVE-2022-49688

In the Linux kernel, the following vulnerability has been resolved: afs: Fix dynamic root getattr. The recent patch to make afs_getattr() consult the server didn't account for the pseudo-inodes employed by the dynamic root-type afs superblock not having a volume or a server to access, and thus an oop...

5.5 CVSS · 6.1 AI score · 0.00059 EPSS
Exploits: 0 · References: 9

OSV
added 2025/02/26 7:1 a.m. · 0 views

UBUNTU-CVE-2022-49353

In the Linux kernel, the following vulnerability has been resolved: powerpc/papr_scm: don't requests stats with '0' sized stats buffer. Sachin reported [1] that on a POWER-10 lpar he is seeing a kernel panic being reported with vPMEM when papr_scm probe is being called. The panic is of the form below...

5.5 CVSS · 6.7 AI score · 0.00091 EPSS
Exploits: 0 · References: 5

OSV
added 2025/02/26 2:24 a.m. · 5 views

CVE-2022-49688 afs: Fix dynamic root getattr

In the Linux kernel, the following vulnerability has been resolved: afs: Fix dynamic root getattr. The recent patch to make afs_getattr() consult the server didn't account for the pseudo-inodes employed by the dynamic root-type afs superblock not having a volume or a server to access, and thus an oop...

5.5 CVSS · 5 AI score · 0.00059 EPSS
Exploits: 0 · References: 9

OSV
added 2025/02/26 2:12 a.m. · 8 views

CVE-2022-49436 powerpc/papr_scm: Fix leaking nvdimm_events_map elements

In the Linux kernel, the following vulnerability has been resolved: powerpc/papr_scm: Fix leaking nvdimm_events_map elements. Right now 'char *' elements allocated for individual 'stat_id' in 'papr_scm_priv.nvdimm_events_map' during papr_scm_pmu_check_events(), get leaked in papr_scm_remove() and papr_scm_pmu_register(),...

5.5 CVSS · 5.3 AI score · 0.00126 EPSS
Exploits: 0 · References: 5

Debian CVE
added 2025/02/26 2:12 a.m. · 8 views

CVE-2022-49436

In the Linux kernel, the following vulnerability has been resolved: powerpc/papr_scm: Fix leaking nvdimm_events_map elements. Right now 'char *' elements allocated for individual 'stat_id' in 'papr_scm_priv.nvdimm_events_map' during papr_scm_pmu_check_events(), get leaked in papr_scm_remove() and papr_scm_pmu_register(),...

5.5 CVSS · 5.6 AI score · 0.00126 EPSS
Exploits: 0

CVE
added 2025/02/26 2:12 a.m. · 70 views

CVE-2022-49436

CVE-2022-49436 affects the Linux kernel (powerpc/papr_scm) due to leaking nvdimm_events_map elements and mismatched stat_id handling (NULL termination vs 8-byte identifiers). The fix allocates space for stat_id entries in papr_scm_priv.nvdimm_events_map to prevent leaks and reconcile string sizin...

5.5 CVSS · 6.5 AI score · 0.00126 EPSS
Exploits: 0 · References: 2 · Affected Software: 1