
2431 matches found

F5 Networks
added 2024/04/19 8:36 p.m. | 78 views

K000139353: aiohttp vulnerability CVE-2024-23334

Security Advisory Description: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to...

7.5 CVSS | 6.4 AI score | 0.93664 EPSS
Exploits: 15
CNNVD
added 2024/04/19 12:00 a.m. | 2 views

WordPress Plugin Poll Maker Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

7.2 CVSS | 6.3 AI score | 0.0109 EPSS
Exploits: 0 | References: 3
NVD
added 2024/04/18 3:15 p.m. | 22 views

CVE-2024-27306

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

6.1 CVSS | 5.8 AI score | 0.00749 EPSS
Exploits: 0 | References: 7
CVE
added 2024/04/18 2:23 p.m. | 363 views

CVE-2024-27306

CVE-2024-27306 : An XSS vulnerability exists in aiohttp’s index pages for static file handling. Root cause: improper validation of input on index/static file pages. The issue is fixed in aiohttp 3.9.4. Public advisories recommend upgrading to the patched version; for those unable to upgrade, a wo...

6.1 CVSS | 5.5 AI score | 0.00749 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2024/04/18 2:23 p.m. | 29 views

CVE-2024-27306 aiohttp vulnerable to XSS on index pages for static file handling

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

6.1 CVSS | 6.1 AI score | 0.00749 EPSS
Exploits: 0 | References: 9
Fedora
added 2024/04/16 2:26 a.m. | 24 views

[SECURITY] Fedora 39 Update: c-ares-1.28.1-1.fc39

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

5.5 CVSS | 7.3 AI score | 0.00055 EPSS
Exploits: 0
Fedora
added 2024/04/16 1:58 a.m. | 25 views

[SECURITY] Fedora 38 Update: c-ares-1.28.1-1.fc38

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

5.5 CVSS | 7.3 AI score | 0.00055 EPSS
Exploits: 0
Tenable Nessus
added 2024/04/16 12:00 a.m. | 19 views

Fedora 39 : c-ares (2024-835800b552)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-835800b552 advisory. 1.28.1 fixes a significant bug in 1.28.0. ---- Update to 1.28.0. Also fixes CVE-2024-25629. Tenable has extracted the preceding description block directly fr...

5.5 CVSS | 6.9 AI score | 0.00055 EPSS
Exploits: 0 | References: 2
CNNVD
added 2024/04/15 12:00 a.m. | 2 views

WordPress Plugin Login With Ajax Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

4.3 CVSS | 6.4 AI score | 0.00162 EPSS
Exploits: 0 | References: 2
SUSE CVE
added 2024/04/13 2:10 a.m. | 2 views

SUSE CVE-2024-26800

In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption. When the decrypt request goes to the backlog and crypto_aead_decrypt returns -EBUSY, tls_do_decryption will wait until all async decryptions have completed. If one of them fails,...

7 CVSS | 6.6 AI score | 0.00032 EPSS
Exploits: 1 | References: 12
Tenable Nessus
added 2024/04/12 12:00 a.m. | 50 views

Oracle Linux 9 : bind (ELSA-2024-1789)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1789 advisory. - Add downstream change complementing CVE-2023-50387 - Prevent increased CPU load on large DNS messages CVE-2023-4408 - Prevent assertion failure when...

7.5 CVSS | 7.1 AI score | 0.43215 EPSS
Exploits: 1 | References: 7
RedHat Linux
added 2024/04/11 9:29 p.m. | 26 views

Moderate: Red Hat Security Advisory: VolSync 0.9.1 security fixes and enhancements

VolSync v0.9.1 general availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

7.5 CVSS | 6.7 AI score | 0.00393 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2024/04/10 6:56 p.m. | 17 views

CVE-2021-47189 btrfs: fix memory ordering between normal and ordered work functions

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory ordering between normal and ordered work functions Ordered work functions aren't guaranteed to be handled by the same thread which executed the normal work functions. The only way execution between normal/ordere...

6.7 AI score | 0.00223 EPSS
Exploits: 0 | References: 8
Positive Technologies
added 2024/04/09 12:00 a.m. | 3 views

PT-2024-7852

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The vulnerability is related to the serial component of the Linux kernel and involves a NULL pointer dereference in the uart tty port shutdown function. This can lead to a denial of...

9.1 CVSS | 7.8 AI score | 0.02683 EPSS
Exploits: 1 | References: 584
Tenable Nessus
added 2024/04/09 12:00 a.m. | 17 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : c-ares (SUSE-SU-2024:1136-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1136-1 advisory. - c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration...

5.5 CVSS | 7.2 AI score | 0.00055 EPSS
Exploits: 0 | References: 4
CNNVD
added 2024/04/09 12:00 a.m. | 2 views

WordPress Plugin AI Post Generator | AutoWriter Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

6.3 CVSS | 8.4 AI score | 0.00128 EPSS
Exploits: 0 | References: 4
CNNVD
added 2024/04/09 12:00 a.m. | 3 views

WordPress Plugin Video Conferencing with Zoom Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

4.3 CVSS | 8.4 AI score | 0.00243 EPSS
Exploits: 0 | References: 3
CNNVD
added 2024/04/09 12:00 a.m. | 2 views

WordPress Plugin 360 Javascript Viewer Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

4.3 CVSS | 8.4 AI score | 0.00132 EPSS
Exploits: 0 | References: 4
CNNVD
added 2024/04/09 12:00 a.m. | 2 views

WordPress Plugin Advanced Classifieds & Directory Pro Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.3 CVSS | 7.9 AI score | 0.00222 EPSS
Exploits: 0 | References: 5
SUSE CVE
added 2024/04/06 1:59 a.m. | 1 views

SUSE CVE-2024-26675

In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K. syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp). Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K"). Adopt the same sanity check for...

5.5 CVSS | 6.3 AI score | 0.00015 EPSS
Exploits: 0 | References: 12