
2423 matches found

Rosalinux
added 2023/10/31 2:4 p.m. · 32 views

Advisory ROSA-SA-2023-2284

software: c-ares 1.18.1 OS: ROSA-CHROME packageevrstring: c-ares-1.18.1-2.src.rpm CVE-ID: CVE-2022-4904 BDU-ID: 2023-01258 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the ares_set_sortlist function of the c-ares asynchronous DNS query library is related to a lack of input string validation, allowi...

CVSS 8.6 · AI score 8.9 · EPSS 0.00343
Exploits: 1

OpenVAS
added 2023/10/31 12:0 a.m. · 19 views

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-3049)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 · AI score 7.3 · EPSS 0.00103
Exploits: 0 · References: 2

Positive Technologies
added 2023/10/31 12:0 a.m. · 3 views

PT-2023-30746 · WordPress · Wp Meta/Date Remover

Name of the Vulnerable Software and Affected Versions: WP Meta and Date Remover WordPress plugin versions prior to 2.2.0 Description: The issue concerns an AJAX endpoint for configuring plugin settings that lacks capability checks and fails to sanitize user input. This input is later output...

CVSS 5.4 · AI score 6 · EPSS 0.00216
Exploits: 2 · References: 4

VulnCheck KEV
added 2023/10/29 12:0 a.m. · 1 view

VulnCheck KEV: CVE-2023-5559

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service...

CVSS 9.1 · AI score 7.4 · EPSS 0.52476
Exploits: 2 · References: 1

CNNVD
added 2023/10/28 12:0 a.m. · 1 view

WordPress plugin Post Meta Data Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 7.5 · AI score 6.7 · EPSS 0.00193
Exploits: 0 · References: 3

RedhatCVE
added 2023/10/26 3:59 p.m. · 37 views

CVE-2023-46137

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...

CVSS 5.3 · AI score 6.5 · EPSS 0.00609
Exploits: 1 · References: 3

Veracode
added 2023/10/26 7:40 a.m. · 26 views

HTTP Request Smuggling

twisted is vulnerable to HTTP Request Smuggling. The vulnerability exists because it processes requests in an asynchronous manner without ensuring the sequence of the responses, allowing an attacker to smuggle HTTP requests...

CVSS 5.3 · AI score 7 · EPSS 0.00609
Exploits: 1 · References: 4 · Affected Software: 1

Github Security Blog
added 2023/10/25 9:15 p.m. · 34 views

twisted.web has disordered HTTP pipeline response

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...

CVSS 5.3 · AI score 5.2 · EPSS 0.00609
Exploits: 1 · References: 5 · Affected Software: 1

Prion
added 2023/10/25 9:15 p.m. · 31 views

Design/Logic Flaw

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...

CVSS 5 · AI score 5.1 · EPSS 0.00609
Exploits: 1 · References: 1 · Affected Software: 1

Debian CVE
added 2023/10/25 8:56 p.m. · 31 views

CVE-2023-46137

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...

CVSS 5.3 · AI score 5.1 · EPSS 0.00609
Exploits: 1

OSV
added 2023/10/25 8:56 p.m. · 36 views

CVE-2023-46137 twisted.web has disordered HTTP pipeline response

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...

CVSS 5.3 · AI score 5.7 · EPSS 0.00609
Exploits: 1 · References: 4

Fedora
added 2023/10/24 1:23 a.m. · 55 views

[SECURITY] Fedora 38 Update: fbthrift-2023.10.16.00-1.fc38

Thrift is a serialization and RPC framework for service communication. Thrift enables these features in all major languages, and there is strong support for C++, Python, Hack, and Java. Most services at Facebook are written using Thrift for RPC, and some storage systems use Thrift for serializin...

CVSS 7.5 · AI score 8.7 · EPSS 0.944
Exploits: 19

Fedora
added 2023/10/24 1:13 a.m. · 42 views

[SECURITY] Fedora 37 Update: fbthrift-2023.10.16.00-1.fc37

Thrift is a serialization and RPC framework for service communication. Thrift enables these features in all major languages, and there is strong support for C++, Python, Hack, and Java. Most services at Facebook are written using Thrift for RPC, and some storage systems use Thrift for serializin...

CVSS 7.5 · AI score 8.7 · EPSS 0.944
Exploits: 19

Fedora
added 2023/10/23 1:25 a.m. · 55 views

[SECURITY] Fedora 37 Update: python-asgiref-3.5.2-1.fc37

ASGI is a standard for Python asynchronous web apps and servers to communicate with each other, and positioned as an asynchronous successor to WSGI. This package includes ASGI base libraries, such as: Sync-to-async and async-to-sync function wrappers, asgiref.sync Server base classes,...

CVSS 7.5 · AI score 8 · EPSS 0.08919
Exploits: 0

OSV
added 2023/10/20 8:15 a.m. · 2 views

CVE-2023-5533

The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions tha...

CVSS 9.8 · AI score 7.3 · EPSS 0.00362
Exploits: 0 · References: 2

OSV
added 2023/10/20 8:15 a.m. · 1 view

CVE-2023-5602

The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This makes it possible for...

CVSS 8.8 · AI score 7.2 · EPSS 0.00104
Exploits: 0 · References: 2

OSV
added 2023/10/20 8:15 a.m. · 3 views

CVE-2020-36714

The Brizy plugin for WordPress is vulnerable to authorization bypass due to an incorrect capability check on the is_administrator function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions...

CVSS 8.1 · AI score 5.8 · EPSS 0.00124
Exploits: 1 · References: 2

Positive Technologies
added 2023/10/20 12:0 a.m. · 2 views

PT-2023-11856 · WordPress · Brizy

Name of the Vulnerable Software and Affected Versions: Brizy plugin for WordPress versions up to, and including, 1.0.125 Description: The issue is related to an incorrect capability check on the is_administrator function, which allows authenticated attackers to bypass authorization and access...

CVSS 8.1 · AI score 7 · EPSS 0.00124
Exploits: 1 · References: 7

CNNVD
added 2023/10/20 12:0 a.m. · 2 views

WordPress Plugin WooCommerce EAN Payment Gateway Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 4.3 · AI score 6.7 · EPSS 0.00147
Exploits: 0 · References: 3

CNNVD
added 2023/10/20 12:0 a.m. · 2 views

WordPress Plugin Fancy Product Designer Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 6.3 · AI score 6.4 · EPSS 0.00046
Exploits: 0 · References: 3