2443 matches found

GithubExploit
added 2024/06/21 3:20 p.m. · 430 views

Exploit for OS Command Injection in Zyxel Nas326_Firmware

CVE-2024-29973 Exploiter a Vulnerability detection and Exploit...

CVSS 9.8 · AI score 9.7 · EPSS 0.86205
Exploits: 7

OSV
added 2024/06/21 6:9 a.m. · 5 views

CLSA-2024-1718950178 Fix of 22 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-26764 - aio: remove an outdated BUG_ON and comment in aio_complete - aio: remove the extra get_file/fput pair in io_submit_one - aio: refactor read/write iocb setup - fs/aio: Restrict kiocb_set_cancel_fn to I/O submitted via libaio CVE-url:...

CVSS 7.8 · AI score 7.1 · EPSS 0.02701
Exploits: 1 · References: 1

CNNVD
added 2024/06/20 12:0 a.m. · 2 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ceph module correctly placing a cephstring reference after an asynchronous creation attempt...

CVSS 5.5 · AI score 6.5 · EPSS 0.00217
Exploits: 0 · References: 7

OSV
added 2024/06/19 2:15 p.m. · 1 views

UBUNTU-CVE-2024-38591

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix deadlock on SRQ async events. xa_lock for SRQ table may be required in AEQ. Use xa_store_irq/xa_erase_irq to avoid deadlock...

CVSS 5.5 · AI score 6 · EPSS 0.00173
Exploits: 0 · References: 20

Patchstack
added 2024/06/19 1:2 p.m. · 3 views

WordPress Wheel of Life: Coaching and Assessment Tool for Life Coach plugin <= 1.1.7 - Missing Authorization on Several AJAX Endpoints vulnerability

Missing Authorization on Several AJAX Endpoints vulnerability discovered by Lucio Sá in WordPress Plugin Wheel of Life versions <= 1.1.7...

CVSS 5.4 · AI score 7 · EPSS 0.00388
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2024/06/19 12:0 a.m. · 3 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a deadlock issue on SRQ asynchronous events...

CVSS 5.5 · AI score 6.5 · EPSS 0.00173
Exploits: 0 · References: 8

OSV
added 2024/06/18 4:15 a.m. · 3 views

CVE-2024-5860

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tcdldeletetickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3 · AI score 5.8 · EPSS 0.0028
Exploits: 0 · References: 2

BDU FSTEC
added 2024/06/17 12:0 a.m. · 2 views

The vulnerability of the wpDataTables plugin (Premium) in the WordPress content management system allows a hacker to execute arbitrary SQL queries.

The vulnerability of the wpDataTables plugin Premium in the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries through the idkey parameter in the...

CVSS 10 · AI score 6 · EPSS 0.00657
Exploits: 0 · References: 4 · Affected Software: 1

CNVD
added 2024/06/17 12:0 a.m. · 12 views

Unspecified vulnerability in Linux kernel (CNVD-2024-28365)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the net module calling asynchronous callbacks twice under certain circumstances. No details of the...

CVSS 5.5 · AI score 6.8 · EPSS 0.00246
Exploits: 0 · References: 1

OSV
added 2024/06/15 2:15 a.m. · 3 views

CVE-2024-2544

The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions,...

CVSS 6.4 · AI score 5.6 · EPSS 0.00271
Exploits: 0 · References: 2

CNNVD
added 2024/06/15 12:0 a.m. · 3 views

WordPress plugin Popup Builder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the...

CVSS 7.4 · AI score 6.8 · EPSS 0.00271
Exploits: 0 · References: 3

Patchstack
added 2024/06/14 12:23 p.m. · 3 views

WordPress Popup Builder plugin <= 4.3.0 - Missing Authorization in Multiple AJAX Actions vulnerability

Missing Authorization in Multiple AJAX Actions vulnerability discovered by Alex Thomas in WordPress Plugin Popup Builder versions <= 4.3.0...

CVSS 7.4 · AI score 7 · EPSS 0.00271
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2024/06/12 12:0 a.m. · 2 views

WordPress plugin ARForms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.3 · AI score 6.7 · EPSS 0.00358
Exploits: 2 · References: 2

Tenable Nessus
added 2024/06/12 12:0 a.m. · 18 views

RHEL 9 : c-ares (RHSA-2024:3842)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3842 advisory. The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. Security Fixes: c-ares: Out of bounds read...

CVSS 5.5 · AI score 6.8 · EPSS 0.00352
Exploits: 0 · References: 5

RedHat Linux
added 2024/06/11 7:37 p.m. · 226 views

Low: Red Hat Security Advisory: c-ares security update

An update for c-ares is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 5.5 · AI score 6.6 · EPSS 0.00352
Exploits: 0 · References: 2

Redos
added 2024/06/11 12:0 a.m. · 28 views

ROS-20240611-10

Vulnerability of the uv_getaddrinfo function (src/unix/getaddrinfo.c, src/win/getaddrinfo.c) of the libuv asynchronous I/O library is related to insufficient checking of incoming requests. Exploitation of the vulnerability could...

CVSS 7.3 · AI score 6.8 · EPSS 0.02003
Exploits: 1

OSV
added 2024/06/11 12:0 a.m. · 23 views

ALSA-2024:3842 Low: c-ares security update

The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. Security Fixes: c-ares: Out of bounds read in ares__read_line (CVE-2024-25629). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

CVSS 5.5 · AI score 6 · EPSS 0.00352
Exploits: 0 · References: 4

OSV
added 2024/06/08 6:15 a.m. · 3 views

CVE-2024-5087

The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validateajax, deactivateajax, and saveajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 9

Positive Technologies
added 2024/06/07 12:0 a.m. · 4 views

PT-2024-32074 · WordPress · Wp Reset

Name of the Vulnerable Software and Affected Versions: WP Reset plugin for WordPress versions up to, and including, 2.02 Description: The issue is related to a missing capability check on the save ajax function, allowing authenticated attackers with subscriber-level access and above to modify the...

CVSS 4.3 · AI score 6.6 · EPSS 0.0028
Exploits: 0 · References: 9

BDU FSTEC
added 2024/06/07 12:0 a.m. · 4 views

The vulnerability of the virtio-net interface in the QEMU hardware emulation software allows an attacker to trigger a service failure.

The vulnerability of the virtio-net emulator’s hardware emulation interface of QEMU is related to the asynchronous nature of the shutdown process, which allows for scenarios of “racing.” Exploiting this vulnerability can enable a perpetrator to cause a service failure...

CVSS 5.6 · AI score 6.7 · EPSS 0.00251
Exploits: 0 · References: 11 · Affected Software: 6