CVE-2021-41220

TensorFlow is an open source platform for machine learning. In affected versions the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been std::moved from are still...

Google TensorFlow 资源管理错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A resource management error vulnerability exists in Google TensorFlow due to a memory leak and post-release usage issue in the asynchronous implementation of CollectiveReduceV2. This occurs due to...

CVE-2021-39333

The Hashthemes Demo Importer Plugin = 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of...

WordPress 访问控制错误漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An access control error vulnerability exists in WordPress Plugins, which stems from The Stylish Pric...

Modern-Async 资源管理错误漏洞

Modern-Async is a modern JavaScript tool library for asynchronous operations using Async/Await and Promise. A resource management error vulnerability exists in modern-async that arises from improper design or implementation during code development for a networked system or product...

PT-2021-22526 · Accesspress · Accesspress-Parallax +6

Name of the Vulnerable Software and Affected Versions: AccessPress Demo Importer versions 1.0.6 and earlier accesspress-basic versions 3.2.1 and earlier accesspress-lite versions 2.92 and earlier accesspress-mag versions 2.6.5 and earlier accesspress-parallax version 4.5 accesspress-root version...

WordPress 代码问题漏洞

WordPress is a blogging platform developed by the WordPress Wordpress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. uninstall is one of the plugins used to completely uninstall WordPress. WordPress Plugin A code issue exists due to a missin...

WordPress 插件 SQL注入漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. SQL injection vulnerability exists in versions prior to WordPress Poll Maker plugin 3.4.2, which stems from the plug...

Fedora: Security Advisory for python-pycares (FEDORA-2021-a48cf28c13)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Moderate: Red Hat Security Advisory: Red Hat AMQ Broker 7.9.0 release and security update

Red Hat AMQ Broker 7.9.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

PT-2021-22549 · WordPress · Credova Financial

Name of the Vulnerable Software and Affected Versions: Credova Financial WordPress plugin versions up to, and including, 1.4.8 Description: The Credova Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a sit...

CVE-2021-24652

The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultpoptions values...

[SECURITY] Fedora 35 Update: python-pycares-4.0.0-5.fc35

pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously...

WordPress plugin OMGF 访问控制错误漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the OMGF...

PT-2021-22031

Name of the Vulnerable Software and Affected Versions Gutenberg Template Library & Redux Framework plugin versions prior to 4.2.11 Description The Gutenberg Template Library & Redux Framework plugin registered several AJAX actions available to unauthenticated users in the includes function in...

[SECURITY] Fedora 33 Update: c-ares-1.17.2-1.fc33

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

The vulnerabilities of the implementations of functions based on the AJAX technology, such as motor_load_more(), motor_gallery_load_more(), motor_quick_view(), and motor_project_quick_view(), in the “Motor – Cars, Parts, Service, Equipments and Accessories” theme. This theme is part of the WooCommerce store and uses the WordPress content management system. These vulnerabilities allow an attacker to execute arbitrary PHP code or gain unauthorized access to protected information.

The vulnerability of implementations based on the AJAX technology—motorloadmore, motorgalleryloadmore, motorquickview, and motorprojectquickview—in the “Motor: Cars, Parts, Service, Equipment, and Accessories” theme. This vulnerability is related to shortcomings in path name restrictions for the...

The vulnerability of the commercial vBulletin web forum exists due to the lack of measures to neutralize special elements, allowing attackers to execute arbitrary commands.

The vulnerability of the commercial forum engine vBulletin exists due to the failure to address the issue of eliminating specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using the ajax/render/widgettabbedcontainertabpanel request...

Wordpress Plugin Email Subscriber 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in...

[SECURITY] Fedora 34 Update: rust-asyncgit-0.16.3-3.fc34

Allow using git2 in a asynchronous context...