kernel: ext4: Fix function prototype mismatch for ext4_feat_ktype

In the Linux kernel, the following vulnerability has been resolved: ext4: Fix function prototype mismatch for ext4featktype With clang's kernel control flow integrity kCFI, CONFIGCFICLANG, indirect call targets are validated against the expected function pointer prototype to make sure the call...

DEBIAN-CVE-2021-47253

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential memory leak in DMUB hwinit Why On resume we perform DMUB hwinit which allocates memory: dmresume-dmdmubhwinit-dcdmubsrvcreate-kzalloc That results in memory leak in suspend/resume scenarios. How...

CVE-2021-47253

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential memory leak in DMUB hwinit Why On resume we perform DMUB hwinit which allocates memory: dmresume-dmdmubhwinit-dcdmubsrvcreate-kzalloc That results in memory leak in suspend/resume scenarios. How...

UBUNTU-CVE-2021-47253

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential memory leak in DMUB hwinit Why On resume we perform DMUB hwinit which allocates memory: dmresume-dmdmubhwinit-dcdmubsrvcreate-kzalloc That results in memory leak in suspend/resume scenarios. How...

SUSE CVE-2024-34997

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...

CVE-2024-35802

A flaw was found in the Linux kernel. Incorrect position-dependent variable references in the startup code may lead to a crash...

PT-2024-26286

Name of the Vulnerable Software and Affected Versions joblib version 1.4.2 Description A deserialization issue was found in the joblib.numpy pickle::NumpyArrayWrapper.read array component. This issue is disputed by the supplier, who claims that NumpyArrayWrapper is only used during caching of...

GHSA-PQJM-XCP8-WGMM Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads

The eZ Platform and Legacy are affected by an issue related to how uploaded PHP and PHAR files are handled, and consists of two parts: 1. Web server configuration, and 2. Disabling the PHAR stream wrapper. 1. WEB SERVER CONFIGURATION The sample web server configuration in our documentation can in...

Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads

The eZ Platform and Legacy are affected by an issue related to how uploaded PHP and PHAR files are handled, and consists of two parts: 1. Web server configuration, and 2. Disabling the PHAR stream wrapper. 1. WEB SERVER CONFIGURATION The sample web server configuration in our documentation can in...

PT-2024-40768 · Oracle · Java.Base

Name of the Vulnerable Software and Affected Versions: com.github.javaparser affected versions not specified Description: The issue is related to a security exception. Technical details about the crash include the insertComments function in com.github.javaparser.CommentsInserter, as well as the...

CVE-2024-1572

The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpulike' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on the user supplied 'wrapperclass' attribute. This makes it possible for...

WordPress plugin WP ULike 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2024-26953

In the Linux kernel, the following vulnerability has been resolved: net: esp: fix bad handling of pages from pagepool When the skb is reorganized during espoutput !esp-inline, the pages coming from the original skb fragments are supposed to be released back to the system through putpage. But if t...

traceroute: improper command line parsing

A vulnerability was found in traceroute. This security issue is caused by wrapper scripts that do not properly parse command lines...

PT-2024-23469 · WordPress · Wpvivid Backup & Migration Plugin

Name of the Vulnerable Software and Affected Versions: WPvivid Backup & Migration Plugin for WordPress versions up to, and including, 0.9.99 Description: The issue arises from insufficient path validation on the tree nodenodeid parameter, allowing authenticated attackers with admin-level access a...

Premium Addons for Elementor < 4.10.17 - Contributor+ Stored Cross-Site Scripting via Wrapper Link Widget

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenticated attackers with...

CVE-2024-0376

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for...

WordPress Plugin Premium Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2024-15510 · WordPress · Premium Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor plugin for WordPress versions up to, and including, 4.10.16 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget due to insufficient input sanitization and output...

CVE-2024-1428

The Element Pack Elementor Addons Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘elementpackwrapperlink’ attribute of the Trailer Box widget in all versions up...