WordPress plugin Accept Stripe Payments security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2024-23352
CVE-2024-23352 concerns a transient DoS in Qualcomm closed‑source components due to a loop in the Multi Mode Call Processor. The issue manifests when NAS receives ODAC criteria of length 1 and type 1 during registration (OTA). Public documents consistently cite the description, but no concrete pa...
CVE-2024-23352 Loop with Unreachable Exit Condition (`Infinite Loop`) in Multi Mode Call Processor
Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA...
PT-2024-19831 · Qualcomm · 315 5G Iot Modem Firmware +98
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue occurs when a NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA, resulting in a transient DOS. Recommendations: At the moment, there is no...
DEBIAN-CVE-2024-35296
Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue...
UBUNTU-CVE-2024-35296
Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue...
CVE-2024-35296 Apache Traffic Server: Invalid Accept-Encoding can force forwarding requests
Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue...
CVE-2024-35296
Apache Traffic Server (versions 8.0.0–8.1.10 and 9.0.0–9.2.4) is affected by CVE-2024-35296 due to incorrect handling of the Accept-Encoding header, which can cause cache lookups to fail and lead to forwarding requests. The issue is resolved by upgrading to 8.1.11 or 9.2.5. Certified advisories f...
CVE-2024-35296
Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue...
PT-2024-5532 · Apache · Apache Traffic Server
Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 8.0.0 through 8.1.10; Apache Traffic Server versions 9.0.0 through 9.2.4. Description: The issue is related to insufficient input validation, allowing a remote attacker to execute arbitrary requests using the HTTP...
freeradius: forgery attack
A vulnerability in the RADIUS Remote Authentication Dial-In User Service protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...
MAL-2024-7789 Malicious code in sap-accept (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e26fce9c57c312e62687f13f2fc582feb687da57944fca0f47efdadb6f55f8ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sap-accept (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e26fce9c57c312e62687f13f2fc582feb687da57944fca0f47efdadb6f55f8ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
openSUSE 15 Security Update : python-Django (SUSE-SU-2024:2545-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2545-1 advisory. - CVE-2024-38875: Fixed potential denial-of-service attack via certain inputs with a very large number of brackets bsc1227590 - CVE-2024-39329: Fixed...
SUSE CVE-2024-40910
In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount imbalance on inbound connections. When releasing a socket in ax25_release, we call netdev_put to decrease the refcount on the associated ax.25 device. However, the execution path for accepting an incoming connecti...
DEBIAN-CVE-2024-40910
In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount imbalance on inbound connections. When releasing a socket in ax25_release, we call netdev_put to decrease the refcount on the associated ax.25 device. However, the execution path for accepting an incoming connecti...
UBUNTU-CVE-2024-40910
In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount imbalance on inbound connections. When releasing a socket in ax25_release, we call netdev_put to decrease the refcount on the associated ax.25 device. However, the execution path for accepting an incoming connecti...
EUVD-2024-32175
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature...