WordPress plugin ProfileGrid security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Exploit for Improper Privilege Management in Progress Whatsup_Gold

CVE-2024-5009 : WhatsUp Gold SetAdminPassword Privilege Escala...

WordPress Just Custom Fields plugin <= 3.3.2 - Cross-Site Request Forgery via AJAX actions vulnerability

Cross-Site Request Forgery via AJAX actions vulnerability discovered by Francesco Carlucci in WordPress Plugin Just Custom Fields versions = 3.3.2...

WordPress plugin Just Custom Fields security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-37195 · WordPress · Comment Images Reloaded

Name of the Vulnerable Software and Affected Versions: Comment Images Reloaded plugin for WordPress versions up to, and including, 2.2.1 Description: The issue is related to a missing capability check on the cir delete image AJAX action. This allows authenticated attackers with Subscriber-level...

PT-2024-29200 · WordPress · Pricing Table

Name of the Vulnerable Software and Affected Versions: Pricing Table plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax function. This allows unauthenticated attackers t...

WordPress plugin Just Custom Fields security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

kernel: crypto: qat - resolve race condition during AER recovery

A race condition was found in drivers/crypto/intel/qat/qatcommon/adfaer.c in the Linux kernel during AER recovery...

ROS-20240704-07

A vulnerability in the parseQuery function of the Webpack loader-utilss package is related to improperly controlled modification of object characteristic attributes. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary JavaScript code Ansi-regex ANSI...

Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387 Proof of Concept PoC Description This rep...

CBL Mariner 2.0 Security Update: c-ares / fluent-bit / grpc / nodejs (CVE-2023-31147)

The version of c-ares / fluent-bit / grpc / nodejs installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-31147 advisory. - c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom a...

Moderate: Red Hat Security Advisory: libuv security update

An update for libuv is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Low: Red Hat Security Advisory: c-ares security update

An update for c-ares is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

kernel: tls: race between async notify and socket close

A race condition vulnerability was found in the tls subsystem of the Linux kernel. The submitting thread that calls recvmsg/sendmsg may exit as soon as the async crypto handler calls complete; any code past that point risks touching already freed data. This could lead to a use-after-free issue an...

Exploit for CVE-2024-27292

CVE-2024-27292 : Docassemble V1.4.96 Unauthenticated Path Trav...

net: tls: fix use-after-free with partial reads and async decrypt

...

SUSE CVE-2024-39371

In the Linux kernel, the following vulnerability has been resolved: iouring: check for non-NULL file pointer in iofilecanpoll In earlier kernels, it was possible to trigger a NULL pointer dereference off the forced async preparation path, if no file had been assigned. The trace leading to that...

SUSE CVE-2024-39464

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init struct v4l2asyncnotifier has several listhead members, but only waitinglist and donelist are initialized. notifierentry was kept 'zeroed' leading to an uninitialized listhead. This...

Moderate: Red Hat Security Advisory: VolSync 0.9.2 for RHEL 9

VolSync v0.9.2 general availability release images provide the following: enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

DEBIAN-CVE-2024-39464

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init struct v4l2asyncnotifier has several listhead members, but only waitinglist and donelist are initialized. notifierentry was kept 'zeroed' leading to an uninitialized listhead. This...