
358 matches found

OSV
added 2024/05/21 4:15 p.m. · 1 views

UBUNTU-CVE-2023-52832

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't return unset power in ieee80211_get_tx_power() We can get a UBSAN warning if ieee80211_get_tx_power() returns the INT_MIN value mac80211 internally uses for "unset power level". UBSAN: signed-integer-overflow in...

CVSS 9.1 · AI score 6.1 · EPSS 0.00065
Exploits 0 · References 12

RedHat Linux
added 2024/04/30 9:57 a.m. · 1 views

kernel: wifi: mac80211: don't return unset power in ieee80211_get_tx_power()

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't return unset power in ieee80211_get_tx_power() We can get a UBSAN warning if ieee80211_get_tx_power() returns the INT_MIN value mac80211 internally uses for "unset power level". UBSAN: signed-integer-overflow in...

CVSS 9.1 · AI score 6.4 · EPSS 0.00065
Exploits 0 · References 5

CNNVD
added 2024/04/28 12:0 a.m. · 3 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from an out-of-bounds error due to an unset skb->mac_header...

CVSS 7.7 · AI score 6.5 · EPSS 0.00004
Exploits 0 · References 10

OSV
added 2024/02/28 9:15 a.m. · 1 views

CVE-2024-0433

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_unset_default_card' function. This makes it possible for unauthenticated attackers to remove...

CVSS 4.3 · AI score 5.7 · EPSS 0.00124
Exploits 0 · References 2

Positive Technologies
added 2024/02/28 12:0 a.m. · 2 views

PT-2024-15557 · WordPress · Gestpay For Woocommerce

Name of the Vulnerable Software and Affected Versions: Gestpay for WooCommerce plugin for WordPress versions up to, and including, 20221130 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax unset default card function. This...

CVSS 4.3 · AI score 9.2 · EPSS 0.00124
Exploits 0 · References 7

CNNVD
added 2024/02/28 12:0 a.m. · 2 views

WordPress Plugin Gestpay for WooCommerce Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 · AI score 6.6 · EPSS 0.00124
Exploits 0 · References 3

CNNVD
added 2024/01/30 12:0 a.m. · 2 views

React Dashboard Security Vulnerability

React Dashboard is a template. A security vulnerability exists in React Dashboard version 1.4.0, which stems from unset httpOnly and is vulnerable to cross-site scripting attacks...

CVSS 8.2 · AI score 6.2 · EPSS 0.00102
Exploits 0 · References 4

Positive Technologies
added 2023/10/20 12:0 a.m. · 1 views

PT-2023-29647 · Unknown +1 · Stb Vorbis +1

Name of the Vulnerable Software and Affected Versions: stb vorbis affected versions not specified Description: The issue is related to a memory allocation failure in the start decoder function when processing a crafted ogg vorbis file. This failure causes the function to return early, setting...

CVSS 7.8 · AI score 6.4 · EPSS 0.0005
Exploits 0 · References 24

OSV
added 2023/04/19 11:15 p.m. · 2 views

CVE-2023-23451

The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number =2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number =2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number =2311xxxx all...

CVSS 9.8 · AI score 7.3
Exploits 0 · References 1

SUSE CVE
added 2023/02/15 6:15 a.m. · 1 views

SUSE CVE-2006-3017

zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations...

CVSS 9.3 · AI score 7 · EPSS 0.04782
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 6:14 a.m. · 1 views

SUSE CVE-2006-5116

Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL through dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array,...

CVSS 5.1 · AI score 7.3 · EPSS 0.03863
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 6:9 a.m. · 3 views

SUSE CVE-2008-1142

rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that th...

CVSS 3.7 · AI score 6.7 · EPSS 0.00066
Exploits 1 · References 5

SUSE CVE
added 2023/02/15 6:8 a.m. · 2 views

SUSE CVE-2008-1270

mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the nobody directory...

CVSS 5 · AI score 6.9 · EPSS 0.08817
Exploits 1 · References 4

SUSE CVE
added 2023/02/15 5:34 a.m. · 2 views

SUSE CVE-2013-5704

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."...

CVSS 5 · AI score 8.8 · EPSS 0.65044
Exploits 2 · References 7

SUSE CVE
added 2023/02/15 5:20 a.m. · 2 views

SUSE CVE-2015-2787

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an...

CVSS 7.5 · AI score 8.1 · EPSS 0.26397
Exploits 5 · References 7

SUSE CVE
added 2023/02/15 4:56 a.m. · 3 views

SUSE CVE-2016-9310

The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet...

CVSS 6.5 · AI score 9 · EPSS 0.03956
Exploits 1 · References 9

SUSE CVE
added 2023/02/15 4:36 a.m. · 2 views

SUSE CVE-2017-18205

In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set...

CVSS 2.5 · AI score 7 · EPSS 0.00671
Exploits 0 · References 7

SUSE CVE
added 2023/02/15 4:27 a.m. · 2 views

SUSE CVE-2018-11646

webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash...

CVSS 7.5 · AI score 7 · EPSS 0.75346
Exploits 10 · References 8

Positive Technologies
added 2022/11/29 12:0 a.m. · 3 views

PT-2022-27772 · Airtable · Airtable.Js

Name of the Vulnerable Software and Affected Versions: Airtable.js versions prior to 0.11.6 Description: The issue arises from a misconfigured build script in the Airtable.js source package, which bundles environment variables into the build target of a transpiled bundle. Specifically, the AIRTAB...

CVSS 7.6 · AI score 6.5 · EPSS 0.00196
Exploits 0 · References 6

OSV
added 2022/10/09 10:53 p.m. · 7 views

GSD-2022-1006613 ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header

ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.330 by commit...

AI score 7.3
Exploits 0