6130 matches found
CVE-2023-0937
The CVE-2023-0937 entry concerns the VK All in One Expansion Unit WordPress plugin prior to 9.87.1.0. The root cause is failure to escape the $_SERVER[REQUEST_URI] value before echoing it into an attribute, enabling Reflected Cross-Site Scripting. Affected component is the WordPress plugin code h...
WordPress Plugin VK All in One Expansion Unit Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Namespace: Fusing will only result in namespaces containing font class 0, irrelevant of fused tiles
Lines of code Vulnerability details H-02 Namespace: Fusing will only result in namespaces containing font class 0, irrelevant of fused tiles After minting trays, a user can fuse tiles from multiple trays into a namespace. A tray tile specifies a character font class, the character's index and the...
CVE-2023-28116 Buffer overflow in L2CAP due to misconfigured MTU
Contiki-NG is an open-source, cross-platform operating system for Internet of Things (IoT) devices. In versions 4.8 and prior, an out-of-bounds write can occur in the BLE L2CAP module of the Contiki-NG operating system. The network stack of Contiki-NG uses a global buffer (packetbuf) for processing o...
SUSE CVE-2022-22075
Information Disclosure in Graphics during GPU context switch...
In the Linux kernel before 5.19 drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case whereas it is actually an error pointer).
...
ABB SMU615 Improper Initialization (CVE-2021-22283)
Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1...
CVE-2023-20651
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629576; Issue ID: ALPS07629576...
Rittal CMC III PU Security Vulnerability
The Rittal CMC III PU is a Supervisory Control Processing Unit from Rittal for IT, building and industrial applications. A security vulnerability exists in the CMC III, CMC compact, which can be exploited by an attacker to open a control cabinet protected with a Rittal lock...
UBUNTU-CVE-2022-36021
Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCAN or KEYS with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18...
The vulnerability of AMD Secure Processor’s microprogrammed software, including the System Management Unit (SMU), arises from the possibility of writing operations outside of the buffer in memory, allowing an attacker to compromise the integrity of the protected information.
The vulnerability of AMD Secure Processor (ASP) and System Management Unit (SMU) microprogramming software lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to compromise the integrity of the protected information...
The vulnerabilities of AMD Secure Processor (ASP), System Management Unit (SMU), and Secure Encrypted Virtualization (SEV) related to initialization errors allow attackers to disclose protected information.
The vulnerabilities of AMD Secure Processor (ASP), System Management Unit (SMU), and Secure Encrypted Virtualization (SEV) related to initialization errors allow attackers to expose protected information...
CVE-2021-22283
Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1...
WordPress VK All in One Expansion Unit Plugin < 9.86.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: VK All in One Expansion Unit; Type: Plugin; Vulnerable versions: < 9.86.0.0; Fixed in: 9.86.0.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0230; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: ada9adbd1470; Credits...
Cross site scripting
The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0230 VK All in One Expansion Unit < 9.86.0.0 - Contributor+ Stored XSS
The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0230
The CVE-2023-0230 entry pertains to the VK All in One Expansion Unit WordPress plugin prior to version 9.86.0.0, which does not validate or escape certain block options when output in an embedded block, enabling Stored XSS for users with the contributor role or higher. Information from multiple c...
The vulnerability of the System Management Unit (SMU) component of AMD processors allows a hacker to trigger a service failure.
The vulnerability of the System Management Unit (SMU) component of AMD processors exists due to insufficient testing of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
Zephyr Security Vulnerability
Zephyr is an extensible real-time operating system (RTOS) open-sourced by the Zephyr Project. A security vulnerability exists in Zephyr version v2.4.0, which stems from invalid ACLMTU packets not being handled correctly during hci host stack initialization, and which can be exploited by an attacker...
WordPress VK All in One Expansion Unit Plugin <= 9.87.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: VK All in One Expansion Unit; Type: Plugin; Vulnerable versions: <= 9.87.0.1; Fixed in: 9.87.1.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: High; CVSS severity: High (7.1); PSID: c3722e6e8342; Credits: WordFence...