Lucene search

2416 matches found

PyPA
added 2021/02/27 5:15 a.m. | 4 views

PYSEC-2021-50

An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master...

9.8 CVSS | 7 AI score | 0.93846 EPSS
Exploits: 5 | References: 8 | Affected Software: 1

OpenVAS
added 2021/02/25 12:0 a.m. | 24 views

Fedora: Security Advisory for mingw-c-ares (FEDORA-2021-ee913722db)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS | 7.8 AI score | 0.58883 EPSS
Exploits: 0 | References: 2

Fedora
added 2021/02/24 8:46 p.m. | 60 views

[SECURITY] Fedora 32 Update: mingw-c-ares-1.17.1-1.fc32

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

7.5 CVSS | 7.9 AI score | 0.58883 EPSS
Exploits: 0

Fedora
added 2021/02/24 8:42 p.m. | 63 views

[SECURITY] Fedora 33 Update: mingw-c-ares-1.17.1-1.fc33

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

7.5 CVSS | 7.9 AI score | 0.58883 EPSS
Exploits: 0

CNNVD
added 2021/02/16 12:0 a.m. | 3 views

Blackcat Cms Cross-Site Scripting Vulnerability

BlackCat CMS is a PHP5, HTML5 content management system. A stored cross-site scripting vulnerability exists in BlackCat CMS 1.3.6. The vulnerability can be exploited to conduct a cross-site scripting attack via the Display Name field in backend/preferences/ajaxsave.php...

4.8 CVSS | 5.6 AI score | 0.0034 EPSS
Exploits: 1 | References: 4

Akamai Blog
added 2021/02/08 2:0 p.m. | 44 views

Edge Redirector Cloudlet Gets Faster

Written by Maksym Novoseltsev - Senior Software Engineer, and Jeffrey Costa - Senior Product Manager, Web Performance Cloudlets Policy Manager often takes a long time to load, which is a by-product of its original design where every policy activation is an individual file. These files must be...

6.8 AI score
Exploits: 0

OpenVAS
added 2021/02/08 12:0 a.m. | 7 views

Fedora: Security Advisory for zeromq (FEDORA-2021-8b3202b783)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0 | References: 2

CVE
added 2021/02/02 9:35 p.m. | 63 views

CVE-2021-21293

CVE-2021-21293 concerns blaze-core prior to 0.14.15, where unbounded acceptance of new connections on a dedicated thread pool can exhaust file handles and degrade services. Affected component is blaze-core (used by http4s-blaze-server) with unbounded queues after accept. The fix in 0.14.15 adds a...

7.5 CVSS | 7.2 AI score | 0.00408 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2021/02/01 12:0 a.m. | 35 views

CentOS 8 : systemd (CESA-2020:0575)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:0575 advisory. - systemd: use-after-free when asynchronous polkit queries are performed (CVE-2020-1712) Note that Nessus has not tested for this issue but has instead relied onl...

7.8 CVSS | 6.4 AI score | 0.00105 EPSS
Exploits: 0 | References: 2

CNNVD
added 2021/02/01 12:0 a.m. | 3 views

Qualcomm Dsp Service Resource Management Error Vulnerability

Qualcomm Dsp Service is a digital signal processor from Qualcomm Incorporated that meets the needs of mobile platforms for multimedia and modem functionality, deep embedded processing. A security vulnerability exists in Qualcomm Dsp Service that arises from the fastrpc ctx being free during an...

7.4 CVSS | 7.1 AI score | 0.00027 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2021/02/01 12:0 a.m. | 258 views

CentOS 8 : virt:rhel (CESA-2020:0279)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:0279 advisory. - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) Note that Nessus has not tested for this issue but has instead relied only on the application's...

6.5 CVSS | 7.3 AI score | 0.00319 EPSS
Exploits: 0 | References: 2

CNNVD
added 2021/01/26 12:0 a.m. | 2 views

KLog Command Injection Vulnerability

KLog is a logging tool for Android development by the individual developer ZhaoKaiQiang. Its main functions include printing line numbers and function calls, JSON parsing, XML parsing, click-to-jump, and saving log information. A command injection vulnerability exists in KLog...

8.8 CVSS | 7.3 AI score | 0.25512 EPSS
Exploits: 3 | References: 5

CNVD
added 2021/01/15 12:0 a.m. | 7 views

Elasticsearch Information Disclosure Vulnerability (CNVD-2021-03548)

Elasticsearch is a search engine based on the Lucene library. An information disclosure vulnerability exists in the asynchronous search API in Elasticsearch 7.7.0 - 7.10.1. The vulnerability stems from the fact that users performing asynchronous searches will incorrectly store HTTP headers. An...

4.8 CVSS | 8.1 AI score | 0.00411 EPSS
Exploits: 0 | References: 1

CNNVD
added 2021/01/14 12:0 a.m. | 2 views

Elastic Resource Management Error Vulnerability

Elasticsearch is a search engine based on the Lucene library. An information disclosure vulnerability exists in the asynchronous search API in Elasticsearch 7.7.0 - 7.10.1. The vulnerability stems from the fact that users performing asynchronous searches will incorrectly store HTTP headers. An...

4.8 CVSS | 6.6 AI score | 0.00411 EPSS
Exploits: 0 | References: 11

OSV
added 2021/01/12 10:15 p.m. | 1 views

CVE-2021-23928

OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string...

6.1 CVSS | 6.4 AI score
Exploits: 0 | References: 1

Kitploit
added 2021/01/10 11:30 a.m. | 92 views

Pidrila - Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

PIDRILA: Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer is a really fast async web path scanner prototype developed by the BrightSearch team for all ethical netstalkers. Installation & Usage: git clone https://github.com/enemy-submarine/pidrila.git cd pidrila python3...

7.4 AI score
Exploits: 0 | References: 1

CNVD
added 2021/01/06 12:0 a.m. | 1 views

WordPress Newsletter plugin cross-site scripting vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in WordPress Newsletter plugin versions prior to 6.8.2 allows...

6.5 CVSS | 6.1 AI score | 0.00121 EPSS
Exploits: 1 | References: 1

OSV
added 2021/01/01 2:15 a.m. | 1 views

CVE-2020-35933

A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing...

6.5 CVSS | 6.7 AI score
Exploits: 0 | References: 1

OSV
added 2020/12/31 1:15 a.m. | 0 views

UBUNTU-CVE-2020-11947

iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker...

3.8 CVSS | 6.8 AI score | 0.00053 EPSS
Exploits: 0 | References: 3

CNNVD
added 2020/12/31 12:0 a.m. | 2 views

WordPress Authorization Issue Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress PageLayer plugin versions prior to 1.1.2 that stems fro...

7.4 CVSS | 5.7 AI score | 0.00539 EPSS
Exploits: 2 | References: 3