6124 matches found
WordPress Plugin VK All in One Expansion Unit Security Vulnerability
WordPress and the WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in PHP that supports running personal blogs on servers with PHP and MySQL. A security vulnerability exists in WordPress Plugin VK All in One...
SUSE CVE-2024-26675
In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K. syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp). Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K"). Adopt the same sanity check for...
SUSE CVE-2024-26667
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup. The commit 8b45a26f2ba9 ("drm/msm/dpu: reserve cdm blocks for writeback in case of YUV output") introduced a smatch warning about another conditional block in...
CVE-2024-26796 drivers: perf: ctr_get_width function for legacy is not defined
In the Linux kernel, the following vulnerability has been resolved: drivers: perf: ctr_get_width function for legacy is not defined. With parameters CONFIG_RISCV_PMU_LEGACY=y and CONFIG_RISCV_PMU_SBI=n, the Linux kernel crashes when you try perf record: $ perf record ls [ 46.749286] Unable to handle kernel NULL...
CVE-2024-26796
In the Linux kernel, the following vulnerability has been resolved: drivers: perf: ctr_get_width function for legacy is not defined. With parameters CONFIG_RISCV_PMU_LEGACY=y and CONFIG_RISCV_PMU_SBI=n, the Linux kernel crashes when you try perf record: $ perf record ls [ 46.749286] Unable to handle kernel NULL...
OESA-2024-1356 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Don't advance iterator after restart due to yielding. After dropping mmu_lock in the TDP MMU, restart the iterator during tdp_iter_next() and do not...
OESA-2024-1355 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Don't advance iterator after restart due to yielding. After dropping mmu_lock in the TDP MMU, restart the iterator during tdp_iter_next() and do not...
UBUNTU-CVE-2024-26675
In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K. syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp). Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K"). Adopt the same sanity check for...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption that occurs when an unmap operation fails in the GPU...
PT-2024-18893 · Kernel · Kernel
Name of the Vulnerable Software and Affected Versions: Kernel affected versions not specified Description: The issue is related to memory corruption in the Kernel while handling GPU operations. Recommendations: At the moment, there is no information about a newer version that contains a fix for...
PT-2024-3005 · Google +4 · Google Chrome +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 123.0.6312.122 Description: The issue is related to out of bounds memory access in Compositing, allowing a remote attacker who has compromised the GPU process to potentially perform a sandbox escape via specifi...
CVE-2024-2997
A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Category Name/Model Name/Brand Name/Unit Name leads to cross site scripting...
WordPress VK All in One Expansion Unit Plugin <= 9.95.0.1 is vulnerable to Sensitive Data Exposure
Software: VK All in One Expansion Unit. Type: Plugin. Vulnerable versions: <= 9.95.0.1. Fixed in: 9.96.0.0. OWASP Top 10: A3: Sensitive Data Exposure. Classification: Sensitive Data Exposure. CVE: CVE-2024-2093. Patch priority: Low. CVSS severity: Low 6.5. Developer: Claim ownership. PSID: d4653e32a362. Credits: Krzyszt...
VK All in One Expansion Unit < 9.97.0.0 - Contributor+ Stored XSS
Description: The plugin does not validate and escape some of its child page index widget options, such as className, before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
VK All in One Expansion Unit < 9.96.0.0 - Unauthenticated Password Protected Content Access
Description: The plugin is vulnerable to Sensitive Information Exposure via social meta tags, allowing unauthenticated attackers to view limited password protected content...
WordPress VK All in One Expansion Unit Plugin <= 9.96.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: VK All in One Expansion Unit. Type: Plugin. Vulnerable versions: <= 9.96.0.1. Fixed in: 9.97.0.0. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2024-2170. Patch priority: Low. CVSS severity: Low 6.5. Developer: Claim ownership. PSID: 26bb3cd6172a. Credits: Ngô...
PT-2024-19018 · WordPress · Vk All In One Expansion Unit
Name of the Vulnerable Software and Affected Versions: VK All in One Expansion Unit plugin for WordPress versions up to, and including, 9.96.0.1 Description: The issue is related to Stored Cross-Site Scripting via the child page index widget due to insufficient input sanitization and output...
ALPINE-CVE-2023-46839
PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions need an IOMMU context...
kernel: KVM: x86/mmu: race condition in direct_page_fault()
A flaw was found in the Linux kernel in the KVM. A race condition in direct_page_fault() allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualization and the TDP MMU are enabled...
SUSE CVE-2021-47094
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Don't advance iterator after restart due to yielding. After dropping mmu_lock in the TDP MMU, restart the iterator during tdp_iter_next() and do not advance the iterator. Advancing the iterator results in skipping the...