RHEL 8 : libuv (RHSA-2024:8132)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8132 advisory. libuv is a multi-platform support library with a focus on asynchronous I/O. Security Fixes: libuv: Improper Domain Lookup that potentially leads to...

OESA-2024-2218 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. If a usb audio device sets more bits than the amount of channels it could write outside ...

[SECURITY] Fedora 39 Update: rust-async-compression-0.4.13-1.fc39

Adaptors between compression crates and Rust's modern asynchronous IO types...

[SECURITY] Fedora 41 Update: rust-async-compression-0.4.13-1.fc41

Adaptors between compression crates and Rust's modern asynchronous IO types...

CVE-2024-42289

...

CentOS 7 : kpatch-patch (RHSA-2020:0028)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0028 advisory. - Improper invalidation for page table updates by a virtual guest operating system for multiple IntelR Processors may allow an authenticated user to...

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2024-2573)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2024-2498)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP11 : c-ares (EulerOS-SA-2024-2573)

According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/...

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2024-2547)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2024-2522)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WordPress plugin Photo Gallery, Images, Slider in Rbs Image Gallery 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

The vulnerability of the WordPress Infinite Scroll plugin – the Ajax Load More feature of the WordPress content management system – relates to the lack of security measures for website structures. This allows attackers to carry out cross-site scripting attacks.

The vulnerability of the WordPress Infinite Scroll plugin – the Ajax Load More feature of the WordPress content management system – is related to the lack of protective measures for the website’s structure. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting...

CVE-2024-8437

The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpegsettings and wpegaddgallery in all versions up to, and including, 4.8.5. This makes it possible for authenticate...

kernel: gfs2: Fix potential glock use-after-free on unmount

A vulnerability was found in the Linux kernel within the gfs2 component, where potential use-after-free issues could occur on unmount. When DLM lockspaces are released with remaining locks, callbacks for asynchronous lock contention may access freed objects, causing unexpected behavior...

kernel: usb: atm: cxacru: fix endpoint checking in cxacru_bind()

In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacrubind Syzbot is still reporting quite an old issue 1 that occurs due to incomplete checking of present usb endpoints. As such, wrong endpoints types may be used at urb sumbitting...

kernel: gfs2: Fix potential glock use-after-free on unmount

A vulnerability was found in the Linux kernel within the gfs2 component, where potential use-after-free issues could occur on unmount. When DLM lockspaces are released with remaining locks, callbacks for asynchronous lock contention may access freed objects, causing unexpected behavior...

CVE-2024-45810

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling sendLocalReply under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during the sendLocalReply in http async client, one...

VulnCheck KEV: CVE-2022-0885

The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...

CVE-2024-46765

In the Linux kernel, the following vulnerability has been resolved: ice: protect XDP configuration with a mutex The main threat to data consistency in icexdp is a possible asynchronous PF reset. It can be triggered by a user or by TX timeout handler. XDP setup and PF reset code access the same...