
2431 matches found

RedHat Linux
added 2024/07/02 3:40 p.m. | 335 views

Low: Red Hat Security Advisory: c-ares security update

An update for c-ares is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS: 5.5 | AI score: 6.6 | EPSS: 0.00055
Exploits: 0 | References: 2

RedHat Linux
added 2024/07/02 9:02 a.m. | 1 view

kernel: tls: race between async notify and socket close

A race condition vulnerability was found in the tls subsystem of the Linux kernel. The submitting thread that calls recvmsg/sendmsg may exit as soon as the async crypto handler calls complete; any code past that point risks touching already freed data. This could lead to a use-after-free issue an...

CVSS: 4.7 | AI score: 6.8 | EPSS: 0.00025
Exploits: 0 | References: 5

GithubExploit
added 2024/07/02 4:41 a.m. | 362 views

Exploit for CVE-2024-27292

CVE-2024-27292 : Docassemble V1.4.96 Unauthenticated Path Trav...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.93825
Exploits: 2

Microsoft CVE
added 2024/06/30 2:00 p.m. | 5 views

net: tls: fix use-after-free with partial reads and async decrypt

...

CVSS: 7.8 | AI score: 6.9 | EPSS: 0.00017
Exploits: 0

SUSE CVE
added 2024/06/26 11:17 p.m. | 1 view

SUSE CVE-2024-39371

In the Linux kernel, the following vulnerability has been resolved: io_uring: check for non-NULL file pointer in io_file_can_poll. In earlier kernels, it was possible to trigger a NULL pointer dereference off the forced async preparation path, if no file had been assigned. The trace leading to that...

CVSS: 5.5 | AI score: 6.3 | EPSS: 0.00038
Exploits: 0 | References: 13

SUSE CVE
added 2024/06/26 11:17 p.m. | 1 view

SUSE CVE-2024-39464

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init. struct v4l2_async_notifier has several list_head members, but only waiting_list and done_list are initialized. notifier_entry was kept 'zeroed' leading to an uninitialized list_head. This...

CVSS: 5.5 | AI score: 7.7 | EPSS: 0.00033
Exploits: 0 | References: 3

RedHat Linux
added 2024/06/26 7:30 p.m. | 21 views

Moderate: Red Hat Security Advisory: VolSync 0.9.2 for RHEL 9

VolSync v0.9.2 general availability release images provide the following: enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detail...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00393
Exploits: 0 | References: 4

OSV
added 2024/06/25 3:15 p.m. | 1 view

DEBIAN-CVE-2024-39464

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init. struct v4l2_async_notifier has several list_head members, but only waiting_list and done_list are initialized. notifier_entry was kept 'zeroed' leading to an uninitialized list_head. This...

CVSS: 5.5 | AI score: 5.1 | EPSS: 0.00033
Exploits: 0 | References: 1

GithubExploit
added 2024/06/21 3:20 p.m. | 429 views

Exploit for OS Command Injection in Zyxel Nas326_Firmware

CVE-2024-29973 Exploiter a Vulnerability detection and Exploit...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.93982
Exploits: 7

OSV
added 2024/06/21 6:09 a.m. | 3 views

CLSA-2024-1718950178 Fix of 22 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-26764 - aio: remove an outdated BUG_ON and comment in aio_complete - aio: remove the extra get_file/fput pair in io_submit_one - aio: refactor read/write iocb setup - fs/aio: Restrict kiocb_set_cancel_fn to I/O submitted via libaio CVE-url:...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.00449
Exploits: 1 | References: 1

CNNVD
added 2024/06/20 12:00 a.m. | 1 view

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ceph module correctly placing a ceph_string reference after an asynchronous creation attempt...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00033
Exploits: 0 | References: 7

OSV
added 2024/06/19 2:15 p.m. | 1 view

UBUNTU-CVE-2024-38591

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix deadlock on SRQ async events. xa_lock for SRQ table may be required in AEQ. Use xa_store_irq/xa_erase_irq to avoid deadlock...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00009
Exploits: 0 | References: 20

Patchstack
added 2024/06/19 1:02 p.m. | 3 views

WordPress Wheel of Life: Coaching and Assessment Tool for Life Coach plugin <= 1.1.7 - Missing Authorization on Several AJAX Endpoints vulnerability

Missing Authorization on Several AJAX Endpoints vulnerability discovered by Lucio Sá in WordPress Plugin Wheel of Life versions <= 1.1.7...

CVSS: 5.4 | AI score: 7 | EPSS: 0.0015
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2024/06/19 12:00 a.m. | 3 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a deadlock issue on SRQ asynchronous events...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00009
Exploits: 0 | References: 8

OSV
added 2024/06/18 4:15 a.m. | 2 views

CVE-2024-5860

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS: 4.3 | AI score: 5.8
Exploits: 0 | References: 2

BDU FSTEC
added 2024/06/17 12:00 a.m. | 2 views

The vulnerability of the wpDataTables plugin (Premium) in the WordPress content management system allows a hacker to execute arbitrary SQL queries.

The vulnerability of the wpDataTables plugin (Premium) in the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries through the id_key parameter in the...

CVSS: 10 | AI score: 6 | EPSS: 0.02143
Exploits: 0 | References: 4 | Affected Software: 1

CNVD
added 2024/06/17 12:00 a.m. | 12 views

Unspecified vulnerability in Linux kernel (CNVD-2024-28365)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the net module calling asynchronous callbacks twice under certain circumstances. No details of the...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00033
Exploits: 0 | References: 1

OSV
added 2024/06/15 2:15 a.m. | 3 views

CVE-2024-2544

The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions,...

CVSS: 6.4 | AI score: 5.6 | EPSS: 0.00121
Exploits: 0 | References: 2

CNNVD
added 2024/06/15 12:00 a.m. | 3 views

WordPress plugin Popup Builder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the...

CVSS: 7.4 | AI score: 6.8 | EPSS: 0.00121
Exploits: 0 | References: 3

Patchstack
added 2024/06/14 12:23 p.m. | 3 views

WordPress Popup Builder plugin <= 4.3.0 - Missing Authorization in Multiple AJAX Actions vulnerability

Missing Authorization in Multiple AJAX Actions vulnerability discovered by Alex Thomas in WordPress Plugin Popup Builder versions <= 4.3.0...

CVSS: 7.4 | AI score: 7 | EPSS: 0.00121
Exploits: 0 | References: 1 | Affected Software: 1