2431 matches found
Medium: c-ares
Issue Overview: c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files...
tls: fix race between async notify and socket close
...
Cross site scripting
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets o...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts, and product image scaling. PrestaShop quickproducttable 1.2.1 and earlier versions have a security vulnerability; the vulnerability...
CVE-2024-0385
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2023-4729
The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the publish_lp function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to change the LadiPage key, a key fully controll...
PT-2024-13434 · WordPress · Ladiapp
Name of the Vulnerable Software and Affected Versions: LadiApp plugin for WordPress versions up to, and including, 4.4. Description: The issue arises from a missing capability check on the publish_lp function, which is hooked via an AJAX action. This allows authenticated attackers with...
UBUNTU-CVE-2023-52498
In the Linux kernel, the following vulnerability has been resolved: PM: sleep: Fix possible deadlocks in core system-wide PM code. It is reported that in low-memory situations the system-wide resume core code deadlocks, because async_schedule_dev() executes its argument function synchronously if it...
[SECURITY] Fedora 40 Update: naga-3.0-26.20200930git6f1e95d.fc40
Naga aims to be a very small NIO library that provides a handful of java classes to wrap the usual Socket and ServerSocket with asynchronous NIO counterparts similar to NIO2 planned for Java 1.7. All of this is driven from a single thread, making it useful for both client e.g. allowing I/O to be...
SUSE CVE-2023-52508
In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid(). The nvme_fc_fcp_op structure describing an AEN operation is initialized with a null request structure pointer. An FC LLDD may make a call to nvme_fc_io_getuuid() passing a...
PT-2024-28505 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The issue is related to the Linux kernel, where the struct v4l2_async_notifier has several list_head members, but only waiting_list and done_list are initialized. The notifier entry is...
USN-6681-1: Linux kernel vulnerabilities
Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system...
CVE-2024-27935 Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets o...
CVE-2023-52600 jfs: fix uaf in jfs_evict_inode
In the Linux kernel, the following vulnerability has been resolved: jfs: fix uaf in jfs_evict_inode. When the execution of diMount(ipimap) fails, the object ipimap that has been released may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs when rcu_core() calls jfs_free_node(). Therefore, whe...
Amazon Linux 2023 : libuv, libuv-devel, libuv-static (ALAS2023-2024-540)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-540 advisory. libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c and its Windows counterpart src/win/getaddrinfo.c truncates hostnames to...
Debian dla-3752 : libuv1 - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3752 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3752-1 [email protected] https://www.debian.org/lts/security/...
[SECURITY] [DLA 3752-1] libuv1 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3752-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk March 05, 2024 https://wiki.debian.org/LTS -...
Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination
Summary: A vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or files. The issue arises from the re-use of a global buffer BUF in stream_wrap.ts used as a performance...
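The root cause named above (one global scratch buffer shared by every in-flight read) is easy to reproduce outside Deno. The following is an added example, not Deno's code or the patched stream_wrap.ts: the "streams" are constructed in-memory stand-ins for sockets, and the 64-byte buffer size, the extra event-loop yield between the read completing and the bytes being copied out, and the session payloads are all assumptions made for the demonstration. It shows the shared-BUF pattern handing session A the bytes that belong to session B, and the per-read buffer that removes the overlap.

```javascript
// Added example of cross-session contamination from a shared read buffer.
// Constructed stand-ins only; this is not Deno's implementation.

// The anti-pattern: one global scratch buffer reused by every read.
const BUF = new Uint8Array(64);

// Constructed fake stream. read(buf) completes asynchronously and fills
// buf from the start, the way a socket read completing on the event loop
// would; the payload is constructed test data.
function makeStream(payload) {
  const bytes = new TextEncoder().encode(payload);
  return {
    async read(buf) {
      await Promise.resolve(); // yield once, like a real I/O completion
      buf.set(bytes, 0);
      return bytes.length;
    },
  };
}

// Yield to the event loop; models any await between the read completing
// and the caller copying the bytes out (assumed for the demonstration).
const yieldToLoop = () => new Promise((r) => setTimeout(r, 0));

// Vulnerable pattern: read into the shared BUF, yield, then copy out.
// A second session's read can overwrite BUF during the yield.
async function readVulnerable(stream) {
  const n = await stream.read(BUF);
  await yieldToLoop();
  return new TextDecoder().decode(BUF.subarray(0, n));
}

// Fixed pattern: a buffer that belongs to this read alone, so concurrent
// reads cannot see each other's bytes no matter when the caller resumes.
async function readFixed(stream) {
  const buf = new Uint8Array(64);
  const n = await stream.read(buf);
  await yieldToLoop();
  return new TextDecoder().decode(buf.subarray(0, n));
}

// Two sessions reading at the same time; returns [sessionA, sessionB].
async function runSessions(reader) {
  const a = makeStream("session-A:secret-alpha");
  const b = makeStream("session-B:secret-bravo");
  return Promise.all([reader(a), reader(b)]);
}

runSessions(readVulnerable).then((r) => console.log("shared BUF :", r));
runSessions(readFixed).then((r) => console.log("per-read buf:", r));
```

With the shared buffer, both reads complete (and both `buf.set` calls land in BUF) before either session's continuation runs, so session A decodes session B's payload. The fix does not need any locking: giving each read its own buffer, or copying out of the scratch buffer synchronously before the first await, is enough, because the contamination window is exactly the gap between the read completing and the copy.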
Amazon Linux 2 : libuv (ALAS-2024-2474)
The version of libuv installed on the remote host is prior to 1.39.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2474 advisory. libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c and...
USN-6653-4 linux-gke vulnerabilities
It was discovered that a race condition existed in the ATM (Asynchronous Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51780) It was...