
8 matches found

Github Security Blog
added 2026/05/14 6:26 p.m., 14 views

Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget

Summary: ApostropheCMS contains an authenticated server-side request forgery (SSRF) in the rich-text widget import flow. An authenticated user who can submit/edit rich-text widget content can cause the server to fetch attacker-controlled URLs during widget validation. For image-compatible responses,...

AI score: 5.8
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2026/05/14 12:0 a.m., 6 views

PT-2026-41154

Summary: ApostropheCMS contains an authenticated server-side request forgery (SSRF) in the rich-text widget import flow. An authenticated user who can submit/edit rich-text widget content can cause the server to fetch attacker-controlled URLs during widget validation. For image-compatible responses,...

CVSS: 7.6, AI score: 5.8
Exploits: 0, References: 3
OSV
added 2025/02/27 3:15 a.m., 1 views

AZL-57899 CVE-2024-58012 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Each cpu DAI should associate with a widget. However, the topology might not create the right number of DAI widgets for aggregated amps. And it will cause NULL...

CVSS: 5.5, AI score: 5.6, EPSS: 0.00009
Exploits: 0, References: 1
Debian CVE
added 2025/02/27 2:12 a.m., 7 views

CVE-2024-58012

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Each cpu DAI should associate with a widget. However, the topology might not create the right number of DAI widgets for aggregated amps. And it will cause NULL...

CVSS: 5.5, AI score: 5.5, EPSS: 0.00009
Exploits: 0
CVE
added 2025/02/27 2:12 a.m., 92 views

CVE-2024-58012

CVE-2024-58012 affects the Linux kernel ASoC: SOF Intel hda-dai path. The vulnerability arises from topologies not creating the correct number of DAI widgets for aggregated amps, allowing a NULL pointer dereference when associating a CPU DAI with a widget. The fixed code adds a validity check to ...

CVSS: 5.5, AI score: 6.5, EPSS: 0.00009
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2025/02/27 2:12 a.m., 12 views

CVE-2024-58012 ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Each cpu DAI should associate with a widget. However, the topology might not create the right number of DAI widgets for aggregated amps. And it will cause NULL...

EPSS: 0.00009
Exploits: 0, References: 3
Vulnrichment
added 2025/02/27 2:12 a.m., 1 views

CVE-2024-58012 ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Each cpu DAI should associate with a widget. However, the topology might not create the right number of DAI widgets for aggregated amps. And it will cause NULL...

AI score: 7.6, EPSS: 0.00009
Exploits: 0, References: 3
CNVD
added 2020/11/18 12:0 a.m., 3 views

TYPO3 Input Validation Error Vulnerability (CNVD-2020-65162)

TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. TYPO3 suffers from a security vulnerability that stems from insufficient validation of user-supplied XML input in RSS widgets, which can be exploited by a remote user to pass specially...

CVSS: 3.7, AI score: 7.2, EPSS: 0.0027
Exploits: 0, References: 1