CVE-2024-53140 netlink: terminate outstanding dump on socket close

In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close Netlink supports iterative dumping of data. It provides the families the following ops: - start - optional kicks off the dumping process - dump - actual dump helper, keeps getti...

PT-2024-16660 · WordPress · Authors List

Name of the Vulnerable Software and Affected Versions: The Authors List plugin for WordPress versions up to, and including, 2.0.4 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software permitting users to execute an action that does not properl...

The vulnerability of the aio kernel component in the Linux operating system allows attackers to increase their privileges within the system.

The vulnerability of the aio kernel component in the Linux operating system is related to memory management errors after deallocation. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...

DEBIAN-CVE-2024-53990

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly defined Cookies with any that ha...

Important: Red Hat Security Advisory: python-tornado security update

An update for python-tornado is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

ALSA-2024:10590 Important: python-tornado security update

Tornado is a Python web framework and asynchronous networking library that provides an open source version of scalable, non-blocking web server and tools. Security Fixes: python-tornado: Tornado has HTTP cookie parsing DoS vulnerability CVE-2024-52804 For more details about the security issues,...

Race Condition

Overview minio is a MinIO Python SDK for Amazon S3 Compatible Cloud Storage Affected versions of this package are vulnerable to Race Condition due to improper handling of shared resources in worker threads via the helpers.py function. An attacker can exploit this by initiating multiple asynchrono...

[SECURITY] Fedora 40 Update: libsoup3-3.4.4-5.fc40

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

PT-2024-17345 · WordPress · Image Alt Text

Name of the Vulnerable Software and Affected Versions: Image Alt Text plugin for WordPress versions up to and including 2.0.0 Description: The issue allows authenticated attackers with subscriber-level access and above to update the alt text on arbitrary images due to a missing capability check o...

[SECURITY] Fedora 39 Update: libsoup3-3.4.4-3.fc39

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

PYSEC-2024-310

Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...

CVE-2024-52804

Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...

WordPress plugin Ultimate Member 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

UBUNTU-CVE-2024-53073

In the Linux kernel, the following vulnerability has been resolved: NFSD: Never decrement pendingasynccopies on error The error flow in nfsd4copy calls cleanupasynccopy, which already decrements nn-pendingasynccopies...

CVE-2024-52303 aiohttp memory leak when middleware is enabled when requesting a resource with a non-allowed method

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...

WordPress plugin WP Log Viewer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin WP Chat App 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-47535

A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes...

Orchid Platform has Method Exposure Vulnerability in Modals

Impact This vulnerability is a method exposure issue CWE-749: Exposed Dangerous Method or Function in the Orchid Platform’s asynchronous modal functionality, affecting users of Orchid Platform version 8 through 14.42.x. Attackers could exploit this vulnerability to call arbitrary methods within t...

CVE-2024-47535

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts ...