2420 matches found
PT-2023-11871 · WordPress · 2J-Slideshow Plugin
Name of the Vulnerable Software and Affected Versions: 2J-SlideShow Plugin for WordPress versions up to, and including, 1.3.31 Description: The issue is related to authorization bypass due to a missing capability check on the twoj slideshow setup function. This function is called via the "wp ajax...
WordPress Plugin JobSearch WP Job Board 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Plugin uListing 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2023-22343 · Prestashop · Prestashop Jmspagebuilder
Name of the Vulnerable Software and Affected Versions: PrestaShop jmspagebuilder version 3.x Description: The issue is related to SQL Injection via the ajax jmspagebuilder.php file. Recommendations: For PrestaShop jmspagebuilder version 3.x, consider restricting access to the ajax...
[SECURITY] Fedora 37 Update: c-ares-1.19.1-1.fc37
c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...
Fedora: Security Advisory for c-ares (FEDORA-2023-520848815b)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 38 Update: c-ares-1.19.1-1.fc38
c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...
CVE-2023-32067
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...
CVE-2023-32067
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...
CVE-2023-32067 0-byte UDP payload DoS in c-ares
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...
CVE-2023-32067
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...
CVE-2023-31124
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack ...
CVE-2023-31124
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack ...
UBUNTU-CVE-2023-31130
c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to...
Cross site scripting
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack ...
Design/Logic Flaw
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...
CVE-2023-31147
CVE-2023-31147 affects the c-ares library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares used rand() to generate DNS query IDs, which is not a CSPRNG and was not seeded by srand(), leading to predictable values. The RNG input fed into a non-compliant RC4 implementation could weaken ...
CVE-2023-31130 Buffer Underwrite in ares_inet_net_pton()
c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to...
CVE-2023-31130
CVE-2023-31130 affects the c-ares asynchronous DNS library. The vulnerability is a buffer underflow/underwrite in ares_inet_net_pton() for IPv6 addresses such as 0::00:00:00/2. Affected versions are prior to the fix, with the issue addressed in c-ares 1.19.1. Multiple advisories reference upgrade...
CVE-2023-31124 AutoTools does not set CARES_RANDOM_FILE during cross compilation
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack ...