Tagged: Cybersecurity Alert

An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input. More information : http://eprosima.com

eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections. More information : http://eprosima.com

In the Linux kernel, the following vulnerability has been resolved: atm/fore200e: Fix possible data race in fore200e_open() Protect access to fore200e->available_cell_rate with rate_mtx lock in the error handling path of fore200e_open() to prevent a...

In the Linux kernel, the following vulnerability has been resolved: team: Move team device type change at the end of team_port_add Attempting to add a port device that is already up will expectedly fail,...

In the Linux kernel, the following vulnerability has been resolved: veth: reduce XDP no_direct return section to fix race As explain in commit fa349e396e48 (“veth: Fix race with AF_XDP exposing old or uninitialized descriptors”)...

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data The URB received in gs_usb_receive_bulk_callback() contains a struct gs_host_frame. The length of the data after the...

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header The driver expects to receive a struct gs_host_frame in gs_usb_receive_bulk_callback(). Use struct_group to describe the header...

A reflected Cross-Site Scripting (XSS) vulnerability has been identified in TechStore version 1.0. The user_name endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of...

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don’t free uninitialized ksz_irq If something goes wrong at setup, ksz_irq_free() can be called on uninitialized ksz_irq (for example when ksz_ptp_irq_setup()...

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Hotech Software Inc. Otello allows Stored XSS.This issue affects Otello: from 2.4.0 before 2.4.4. More information : https://www.usom.gov.tr/bildirim/tr-25-0476

Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through 1.0.9. More information : https://vdp.patchstack.com/database/wordpress/plugin/happy-helpdesk-support-ticket-system/vulnerability/wordpress-happy-plugin-1-0-9-broken-access-control-vulnerability?_s_id=cve

Missing Authorization vulnerability in Vikas Ratudi Chakra test allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chakra test: from n/a through 1.0.1. More information : https://vdp.patchstack.com/database/wordpress/plugin/chakra-test/vulnerability/wordpress-chakra-test-plugin-1-0-1-broken-access-control-vulnerability?_s_id=cve

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodexThemes TheGem Theme Elements (for Elementor).This issue affects TheGem Theme Elements (for Elementor): from n/a through 5.10.5.1. More information : https://vdp.patchstack.com/database/wordpress/plugin/thegem-elements-elementor/vulnerability/wordpress-thegem-theme-elements-for-elementor-plugin-5-10-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve

Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in CodexThemes TheGem Theme Elements (for Elementor).This issue affects TheGem Theme Elements (for Elementor): from n/a through 5.10.5.1. More...