1070 matches found
MapPress < 2.88.17 - Contributor+ Stored XSS via Map Settings
Description The plugin is vulnerable to Stored Cross-Site Scripting via the width and height parameters, allowing with contributor access and above to perform Stored XSS attacks - Go to Plugin’s page /wp-admin/admin.php?page=mappressmaps - Add New Map and search any location you want. - Add XSS...
CVE-2023-7225
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-7225
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2024-15236 · WordPress · Mappress Maps
Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions up to, and including, 2.88.16 Description: The issue is related to Stored Cross-Site Scripting via the width and height parameters due to insufficient input sanitization and output escaping. This allows...
kernel: fbcon: shift-out-of-bounds in fbcon_set_font()
A flaw was found in the Framebuffer Console fbcon in the Linux Kernel. When providing a font-width and font-height greater than 32 to the fbconsetfont, since there are no checks in place, a shift-out-of-bounds occurs, leading to undefined behavior and possible denial of service...
PT-2024-1991 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to an out-of-bounds access in the of pwm single xlate function of the Linux kernel's PWM Pulse Width Modulation driver. This can potentially allow an attacker to...
CVE-2023-6684
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ive' shortcode in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on 'width' and 'height' user supplied attribute. This makes it possib...
PT-2024-15049 · WordPress · Ibtana
Name of the Vulnerable Software and Affected Versions: Ibtana – WordPress Website Builder plugin for WordPress versions up to, and including, 1.2.2 Description: The issue is related to Stored Cross-Site Scripting via the 'ive' shortcode due to insufficient input sanitization and output escaping o...
WordPress Plugin Ibtana Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2023-46835
The current setup of the quarantine page tables assumes that the quarantine domain domio has been initialized with an address width of DEFAULTDOMAINADDRESSWIDTH 48 and hence 4 page table levels. However domio being a PV domain gets the AMD-Vi IOMMU page tables levels based on the maximum hot...
CVE-2023-46835
The current setup of the quarantine page tables assumes that the quarantine domain domio has been initialized with an address width of DEFAULTDOMAINADDRESSWIDTH 48 and hence 4 page table levels. However domio being a PV domain gets the AMD-Vi IOMMU page tables levels based on the maximum hot...
CVE-2023-40238
A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address duri...
kernel: fbcon: shift-out-of-bounds in fbcon_set_font()
A flaw was found in the Framebuffer Console fbcon in the Linux Kernel. When providing a font-width and font-height greater than 32 to the fbconsetfont, since there are no checks in place, a shift-out-of-bounds occurs, leading to undefined behavior and possible denial of service...
kernel: fbcon: shift-out-of-bounds in fbcon_set_font()
A flaw was found in the Framebuffer Console fbcon in the Linux Kernel. When providing a font-width and font-height greater than 32 to the fbconsetfont, since there are no checks in place, a shift-out-of-bounds occurs, leading to undefined behavior and possible denial of service...
OESA-2023-1740 libvpx security update
libvpx provides the VP8/VP9 SDK, which allows you to integrate your applications with the VP8 and VP9 video codecs, high quality, royalty free, open source codecs deployed on millions of computers and devices worldwide. Security Fixes: VP9 in libvpx before 1.13.1 mishandles widths, leading to a...
kernel: fbcon: shift-out-of-bounds in fbcon_set_font()
A flaw was found in the Framebuffer Console fbcon in the Linux Kernel. When providing a font-width and font-height greater than 32 to the fbconsetfont, since there are no checks in place, a shift-out-of-bounds occurs, leading to undefined behavior and possible denial of service...
VP9 in libvpx before 1.13.1 mishandles widths leading to a crash related to encoding.
...
SUSE CVE-2023-44488
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding...
UBUNTU-CVE-2023-44488
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding...
DEBIAN-CVE-2023-44488
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding...