4658 matches found
CVE-2024-34375 WordPress Sheets to WP Table Live Sync plugin <= 3.7.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL Sheets To WP Table Live Sync allows Stored XSS. This issue affects Sheets To WP Table Live Sync: from n/a through 3.7.0...
Azure File Sync Agent v18.0 Release – May 2024 (KB5023057)
Update for Azure File Sync agent version 18.0.0.0. For more details, see the associated Microsoft Knowledge Base article...
WordPress plugin Sheets To WP Table Live Sync cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...
WordPress Sheets to WP Table Live Sync plugin <= 3.7.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Manab Jyoti Dowarah (Patchstack Alliance) in WordPress Plugin FlexTable (versions <= 3.7.0)...
WordPress Sheets To WP Table Live Sync Plugin <= 3.7.0 is vulnerable to Cross Site Scripting (XSS)
Software: Sheets To WP Table Live Sync; Type: Plugin; Vulnerable versions: <= 3.7.0; Fixed in: 3.7.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-34375; Patch priority: Low; CVSS severity: Low (5.9); PSID: 592f4fe7fc70; Credits: Manab Jyoti Dowarah...
DEBIAN-CVE-2024-27052
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: add cancel_work_sync for c2hcmd_work The workqueue might still be running, when the driver is stopped. To avoid a use-after-free, call cancel_work_sync in rtl8xxxu_stop...
UBUNTU-CVE-2024-27052
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: add cancel_work_sync for c2hcmd_work The workqueue might still be running, when the driver is stopped. To avoid a use-after-free, call cancel_work_sync in rtl8xxxu_stop...
[SECURITY] Fedora 38 Update: nextcloud-28.0.4-2.fc38
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...
xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation if the server runs with extended privileges, or...
kernel: drm/i915: mark requests for GuC virtual engines to avoid use-after-free
A use-after-free vulnerability was found in the Linux kernel Intel i915 graphics driver's GuC virtual engine request handling. A local user with access to GPU rendering can create requests on GuC virtual engines and trap references via syncfile or dmabuf, causing fence release operations to acces...
kernel: Bluetooth: hci_conn: Fix crash on hci_create_cis_sync
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix crash on hci_create_cis_sync When attempting to connect multiple ISO sockets without using DEFER_SETUP may result in the following crash: BUG: KASAN: null-ptr-deref in hci_create_cis_sync+0x18b/0x2b0 Read of size...
kernel: Bluetooth: Fix race condition in hci_cmd_sync_clear
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hci_cmd_sync_clear There is a potential race condition in hci_cmd_sync_work and hci_cmd_sync_clear, and could lead to use-after-free. For instance, hci_cmd_sync_work is added to the 'req_workqueue' after...
Privilege Escalation
couchbase is vulnerable to Privilege Escalation. The vulnerability is due to improper verification of admin credentials when Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, which could result in privilege escalation for unauthenticated users...
PT-2024-9916 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the pm_runtime_get_sync function in the mtk-cmdq component of the Linux kernel. The problem arises from the lack of return value checking of this function. When...
CVE-2024-32644
Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit ...
SUSE CVE-2024-26846
In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'left over IDs'. To prevent double free a synchronization between nvme_delete_ctrl and ida_destroy has bee...
The vulnerability in the embedded Jetty server of the CData Sync integration and replication tool allows a perpetrator to gain unauthorized access to protected information and perform arbitrary actions within the system.
The vulnerability in the embedded Jetty server of the CData Sync integration and replication tool is related to errors in processing the relative path to the directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected...
The vulnerability of the NTPSyncWithHost function in TOTOLINK EX200 router firmware allows a hacker to execute arbitrary code.
The vulnerability of the NTPSyncWithHost function in TOTOLINK EX200 router firmware is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the hostTime parameter...