CVE-2020-12077

The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces or capability checks, leading to remote code execution...

CVE-2020-12076

The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. One consequence of this is stored XSS...

WordPress Permission Check Bypass Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. data-tables-generator-by-supsystic is a data table generator plugin used in it. A security vulnerability exists in the WordPress...

Security Bulletin: IBM QRadar SIEM is vulnerable to side channel attack with Intel CPUs (CVE-2019-11135)

Summary IBM QRadar SIEM when using Intel CPUs could allow a local authenticated attacker to obtain sensitive information Vulnerability Details CVEID: CVE-2019-11135 DESCRIPTION: Multiple Intel CPUs could allow a local authenticated attacker to obtain sensitive information, caused by a TSX...

Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)

A flaw was found in the fix for CVE-2019-11135, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort TAA error occurs. When a guest is running on a host CPU affected by the TAA flaw TAANO=0, but is not affected by the MDS issue MDSNO=1, the guest was to...

Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.4.3 release and security update

Red Hat AMQ Broker 7.4.3 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Information Disclosure

kernel is vulnerable to information disclosure. A missing upper bound integer check was found in the sysiosubmit function in the Linux kernel asynchronous I/O implementation. A local, unprivileged user could use this flaw to cause an information leak...

Denial Of Service (DoS)

The kernel-rt package is vulnerable to denial of service DoS. A deficiency in the fasynchelper implementation allows a local, unprivileged user to leverage a use-after-free of locked, asynchronous file descriptors to cause a denial of service or privilege escalation...

Use-after-Free

The kernel package is vulnerable to Use-after-Free. A deficiency in the fasynchelper implementation allows a local, unprivileged user to leverage a use-after-free of locked, asynchronous file descriptors to cause a denial of service or privilege escalation...

CVE-2020-11512

Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 allows authenticated attackers with minimal subscriber-level permissions to save arbitrary JavaScript in the plugin's settings panel via the idxupdaterecaptchakey AJAX action and a crafted idxrecaptchasitekey parameter, which...

pornl.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1133996 Security Researcher Hchabik Helped patch 2358 vulnerabilities Received 5 Coordinated Disclosure badges Received 2 recommendations , a holder of 5 badges for responsible and coordinated disclosure, found a security vulnerability affecting pornl.com website and its...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1342)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-1712

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by...

js-jquery: XSS in responses from cross-origin ajax requests

REJECTED CVE This CVE has been rejected. This candidate is a duplicate of CVE-2015-9251. Note: All CVE users should reference CVE-2015-9251 instead of this candidate...

NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0021)

The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple vulnerabilities: - The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the...

Intel SGX and Processor Side Channel Data Leakage Vulnerabilities - Lenovo Support US

No description provided...

Moderate: Red Hat Security Advisory: qemu-kvm security and enhancement update

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

hw: TSX Transaction Asynchronous Abort (TAA)

A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort TAA error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow...

VulnCheck KEV: CVE-2020-9459

Multiple Stored Cross-site scripting XSS vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authenticated users with minimal permissions to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mecsavenotifications...

Arbitrary Code Execution

systemd is vulnerable to arbitrary code execution. A use-after-free occurs when asynchronous polkit queries are performed...