EulerOS 2.0 SP9 : c-ares (EulerOS-SA-2023-2575)

According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as...

EulerOS 2.0 SP9 : c-ares (EulerOS-SA-2023-2605)

According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as...

Prestashop SQL Injection Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A security vulnerability exists in Prestashop aioptimizedcombinations versions prior ...

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-2536)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MTE As Implemented, Part 2: Mitigation Case Studies

By Mark Brand, Project Zero Background In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE Memory Tagging Extensions. In Part 1 we discussed testing the technical and implementation limitations of MTE on the hardware...

Armeria 安全漏洞

Armeria is an open source library for building asynchronous microservers that use HTTP/2 as the session layer protocol. A security vulnerability exists in versions of Armeria prior to 1.24.3, which stems from a vulnerability that allows the use of JettyService paths containing matrix variables to...

Oracle Linux 8 : nodejs:16 (ELSA-2023-4034)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-4034 advisory. nodejs 1:16.19.1-2 - Update bundled c-ares to 1.19.1 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 Tenable has extracted the...

Oracle Linux 8 : nodejs:18 (ELSA-2023-4035)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-4035 advisory. nodejs 1:18.14.2-3 - Update bundled c-ares to 1.19.1 Resolves: CVE-2022-4904 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067...

EulerOS 2.0 SP10 : c-ares (EulerOS-SA-2023-2374)

According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a...

CentOS 8 : nodejs:18 (CESA-2023:4035)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:4035 advisory. - A flaw was found in the c-ares package. The aressetsortlist is missing checks about the validity of the input string, which allows a possible arbitra...

BugChecker - SoftICE-like Kernel Debugger For Windows 11

Introduction BugChecker is a SoftICE-like kernel and user debugger for Windows 11 and Windows XP as well: it supports Windows versions from XP to 11, both x86 and x64. BugChecker doesn't require a second machine to be connected to the system being debugged, like in the case of WinDbg and KD. This...

WordPress Plugin Event Espresso 4 Decaf 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

PT-2023-20579 · WordPress · Kivicare

Name of the Vulnerable Software and Affected Versions: KiviCare WordPress plugin versions prior to 3.2.1 Description: The issue concerns improper CSRF and authorization checks in various AJAX actions within the KiviCare WordPress plugin. This allows any authenticated user, including those with...

Debian: Security Advisory (DLA-3471-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian dla-3471 : libc-ares-dev - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3471 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3471-1 [email protected]...

[SECURITY] [DLA 3471-1] c-ares security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3471-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky June 26, 2023 https://wiki.debian.org/LTS -...

Rocky Linux 9 : nodejs:18 (RLSA-2023:3577)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:3577 advisory. - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen...

RLSA-2023:3584 Important: c-ares security update

The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. Security Fixes: c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

Oracle Linux 7 : c-ares (ELSA-2023-3741)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-3741 advisory. 1.10.0-3.1 - Resolves: rhbz2209503 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service rhel-7.9.z Tenable has extracted the preceding description bloc...

Important: Red Hat Security Advisory: c-ares security update

An update for c-ares is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...