2419 matches found
PT-2023-16292 · WordPress · Auto Featured Image
Name of the Vulnerable Software and Affected Versions: Auto Featured Image (Auto Post Thumbnail) WordPress plugin versions prior to 3.9.16 Description: The issue is caused by incorrect file extension validation, allowing any user with at least Author privileges to upload arbitrary files, such as PH...
[SECURITY] Fedora 36 Update: c-ares-1.19.0-1.fc36
c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...
WordPress plugin NEX-Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
USN-5907-1: c-ares vulnerability
It was discovered that c-ares incorrectly handled certain sortlist strings. A remote attacker could use this issue to cause c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code...
XWiki Platform security vulnerability
XWiki Platform is a suite of wiki platforms for creating web collaboration applications from the French company XWiki. A security vulnerability exists in XWiki Platform, which stems from the fact that any user with commenting privileges can use an asynchronous macro that allows them to execute an...
Web applications and Project Loom
Introduction Project Loom aims to bring "easy-to-use, high-throughput, lightweight concurrency" to the JRE. One feature introduced by Project Loom is virtual threads. In this blog post, we'll be exploring what virtual threads mean for web applications using some simple web applications deployed o...
Fedora: Security Advisory for c-ares (FEDORA-2023-b121bd62a9)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 37 Update: c-ares-1.19.0-1.fc37
c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...
K24465120: iControl REST vulnerability CVE-2017-6167
Security Advisory Description Race conditions in iControl REST may lead to commands executed with different privilege levels than expected. CVE-2017-6167 Impact Sending asynchronous tasks using the iControl REST API may be processed as the wrong user and result in an error. Security Advisory Stat...
K02912734: Intel CPU vulnerability CVE-2019-11135
Security Advisory Description TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2019-11135 Impact There is no impact; F5 products are not affected by...
WordPress Plugin Intuitive Custom Post Order security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
SUSE CVE-2007-0046
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters...
SUSE CVE-2009-4141
Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC) on a locked file, and then closing this file...
SUSE CVE-2011-0447
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that...
SUSE CVE-2012-0058
The kiocb_batch_free function in fs/aio.c in the Linux kernel before 3.2.2 allows local users to cause a denial of service (OOPS) via vectors that trigger incorrect iocb management...
SUSE CVE-2014-8172
The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations...
SUSE CVE-2016-9815
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort...
SUSE CVE-2016-9818
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP...
SUSE CVE-2018-6097
Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page...
SUSE CVE-2019-11135
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access...