WordPress Genealogical Tree – WordPress Family Tree plugin <= 2.1.4 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Genealogical Tree – WordPress Family Tree plugin versions = 2.1.4. Solution Update the WordPress Genealogical Tree – WordPress Family Tree plugin to the latest available version at least 2.1.5...

GSD-2022-1000425 arm64: dts: meson-sm1-odroid: use correct enable-gpio pin for tf-io regulator

arm64: dts: meson-sm1-odroid: use correct enable-gpio pin for tf-io regulator This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.24 by commit...

Fedora: Security Advisory for nodejs-bash-language-server (FEDORA-2022-7cca5b6d38)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: nodejs-bash-language-server-2.0.0-2.fc35

Bash language server implementation based on Tree Sitter and its grammar for Bash with explainshell integration...

DRUPAL-CONTRIB-2022-026

This module provides an entity relationship hierarchy tree widget for an entity reference field. The module doesn't sufficiently filter on output, leading to a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to...

Dive - A Tool For Exploring Each Layer In A Docker Image

A tool for exploring a docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image. To analyze a Docker image simply run dive with an image tag/id/digest: dive or if you want to build your image then jump straight into analyzing it: dive build -t . Building on...

Design/Logic Flaw

OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree AST that contains synthetic nodes could change the logic of some statements by reordering array literals. Example of policies impacted are those that parse and compare web paths...

Open Policy Agent 安全漏洞

Open Policy Agent is an open source general-purpose policy engine that enables uniform, context-aware policy enforcement across the stack. Open Policy Agent suffers from a security vulnerability that stems from the fact that under certain conditions, pretty-printing an Abstract Syntax Tree AST...

AlmaLinux 8 : kernel (ALSA-2021:4647)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4647 advisory. - A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueueadd function in lib/timerqueue.c. Thi...

CVE-2021-46495

Jsish v3.5.0 was discovered to contain a heap-use-after-free via DeleteTreeValue in src/jsiObj.c. This vulnerability can lead to a Denial of Service DoS...

CVE-2021-31854

A command Injection Vulnerability in McAfee Agent MA for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the...

Command injection

A command Injection Vulnerability in McAfee Agent MA for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the...

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVE-2022-22172

A Missing Release of Memory after Effective Lifetime vulnerability in the Layer-2 control protocols daemon l2cpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a memory leak. Continued exploitation can lead to memory exhaustion and thereby a...

PT-2022-1429 · Mcafee · Mcafee Agent

Name of the Vulnerable Software and Affected Versions: McAfee Agent for Windows versions prior to 5.7.5 Description: A command injection issue allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed ...

Iptable_Evil - An Evil Bit Backdoor For Iptables

iptableevil is a very specific backdoor for iptables that allows all packets with the evil bit set, no matter the firewall rules. The initial implementation is in iptableevil.c, which adds a table to iptables and requires modifying a kernel header to insert a spot for it. The second implementatio...

Moderate: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4j Spring vulnerable POC This is a POC for a simple spring...

Oracle Linux 8 : kernel (ELSA-2021-5227)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-5227 advisory. 4.18.0-348.7.15.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to...

Debian DLA-2843-1 : linux - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2843 advisory. - Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccpshctxccid object as a listene...