PT-2024-16648 · WordPress · Change Memory Limit

Name of the Vulnerable Software and Affected Versions: Change Memory Limit plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to unauthorized modification of data due to a missing capability check on the admin logic function hooked via admin init. This allow...

WordPress Plugin Change Memory Limit Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

Change Memory Limit <= 1.0 - Missing Authorization via admin_logic()

Description The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminlogic function hooked via admininit in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update t...

EulerOS 2.0 SP10 : bind (EulerOS-SA-2023-2802)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sen...

EulerOS 2.0 SP10 : dhcp (EulerOS-SA-2023-3204)

According to the versions of the dhcp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent...

golang: regexp/syntax: limit memory used by parsing regexps

A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-3113)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Rocky Linux 8 : php:7.3 (RLSA-2020:3662)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:3662 advisory. - Function iconvmimedecodeheaders in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to...

CVE-2023-4668

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins present and active, active theme,...

Design/Logic Flaw

When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of header...

CURL-CVE-2023-38039 HTTP headers eat all memory

When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit on the size or quantity of headers it would accept in a response, allowing a malicious server to stream an endless series of...

CLSA-2023-1691576076 Fix CVE(s): CVE-2023-2828

SECURITY UPDATE: cache size limit exceeding may cause Denial of Service - debian/patches/CVE-2023-2828.patch: prevents the cache going over the configured memory limit max-cache-size - CVE-2023-2828...

golang: regexp/syntax: limit memory used by parsing regexps

A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as...

SUSE SLES15 / openSUSE 15 Security Update : bind (SUSE-SU-2023:2794-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2794-1 advisory. - Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queri...

golang: regexp/syntax: limit memory used by parsing regexps

A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as...

SUSE CVE-2023-2828

Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it...

DEBIAN-CVE-2023-2828

Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it...

AZL-27203 CVE-2023-2828 affecting package dhcp for versions less than 4.4.2-5

Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it...

CVE-2023-2828

Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it...

golang: regexp/syntax: limit memory used by parsing regexps

A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as...