2443 matches found

Patchstack
added 2024/06/06 2:36 a.m. · 5 views

WordPress The Moneytizer plugin <= 9.6.3 - Cross-Site Request Forgery via multiple AJAX actions vulnerability

Cross-Site Request Forgery via multiple AJAX actions vulnerability discovered by Francesco Carlucci in WordPress Plugin The Moneytizer versions <= 9.6.3...

CVSS 8.1 · AI score 7.1 · EPSS 0.00196
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2024/06/06 12:0 a.m. · 2 views

WordPress plugin The Moneytizer security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.1 · AI score 6.8 · EPSS 0.00196
Exploits: 0 · References: 3
Redos
added 2024/06/06 12:0 a.m. · 41 views

ROS-20240606-01

A vulnerability in QEMU's USB EHCI controller emulation stems from a missing check for whether the buffer pointer overlaps with the MMIO region when transmitting USB packets. Exploitation of the vulnerability could all...

CVSS 8.2 · AI score 6.9 · EPSS 0.01405
Exploits: 1
RedHat Linux
added 2024/06/05 10:5 a.m. · 2 views

kernel: net/mlx5e: Prevent deadlock while disabling aRFS

A flaw was found in the Linux kernel. A potential deadlock can occur while disabling aRFS in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c...

CVSS 5.5 · AI score 6.8 · EPSS 0.00175
Exploits: 0 · References: 5
Positive Technologies
added 2024/06/05 12:0 a.m. · 3 views

PT-2024-15150 · WordPress · The Moneytizer

Name of the Vulnerable Software and Affected Versions: The Moneytizer plugin for WordPress versions up to, and including, 9.5.20
Description: The issue is due to missing or incorrect nonce validation on multiple AJAX functions, making it possible for unauthenticated attackers to update and retrie...

CVSS 8.1 · AI score 6.8 · EPSS 0.00196
Exploits: 0 · References: 9
Positive Technologies
added 2024/06/04 12:0 a.m. · 3 views

PT-2024-25822 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy (affected versions not specified)
Description: The issue is related to an out-of-memory (OOM) vector exposed by Envoy, a cloud-native, open source edge and service proxy. This occurs because the async HTTP client buffers the response with a...

CVSS 6.5 · AI score 8.1 · EPSS 0.00467
Exploits: 1 · References: 8
OpenVAS
added 2024/06/03 12:0 a.m. · 18 views

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1802)

The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 7.3 · AI score 7.6 · EPSS 0.02003
Exploits: 1 · References: 2
OpenVAS
added 2024/06/03 12:0 a.m. · 34 views

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1790)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.3 · AI score 7.6 · EPSS 0.02003
Exploits: 1 · References: 2
Tenable Nessus
added 2024/06/03 12:0 a.m. · 22 views

EulerOS 2.0 SP11 : libuv (EulerOS-SA-2024-1790)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c and its windows...

CVSS 7.3 · AI score 7 · EPSS 0.02003
Exploits: 1 · References: 2
SUSE CVE
added 2024/06/01 2:23 a.m. · 3 views

SUSE CVE-2024-36894

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix race between aio_cancel and AIO request complete. FFS based applications can utilize the aio_cancel callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application...

CVSS 7 · AI score 6.3 · EPSS 0.00291
Exploits: 0 · References: 25
OpenVAS
added 2024/05/30 12:0 a.m. · 15 views

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1717)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.3 · AI score 7.6 · EPSS 0.02003
Exploits: 1 · References: 2
OpenVAS
added 2024/05/30 12:0 a.m. · 19 views

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1766)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.3 · AI score 7.6 · EPSS 0.02003
Exploits: 1 · References: 2
Positive Technologies
added 2024/05/30 12:0 a.m. · 2 views

PT-2024-31095 · WordPress · Comparison Slider

Name of the Vulnerable Software and Affected Versions: Comparison Slider plugin for WordPress versions up to, and including, 1.0.5
Description: The issue allows authenticated attackers with subscriber access or above to modify data due to a missing capability check on several AJAX actions. This...

CVSS 4.3 · AI score 6.7 · EPSS 0.00264
Exploits: 0 · References: 5
Tenable Nessus
added 2024/05/30 12:0 a.m. · 19 views

EulerOS 2.0 SP12 : libuv (EulerOS-SA-2024-1743)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c and its windows...

CVSS 7.3 · AI score 7 · EPSS 0.02003
Exploits: 1 · References: 2
Tenable Nessus
added 2024/05/29 12:0 a.m. · 15 views

EulerOS Virtualization 2.11.1 : libuv (EulerOS-SA-2024-1717)

According to the versions of the libuv package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c and...

CVSS 7.3 · AI score 7 · EPSS 0.02003
Exploits: 1 · References: 2
OpenVAS
added 2024/05/27 12:0 a.m. · 25 views

Fedora: Security Advisory (FEDORA-2024-9963d77dcb)

The remote host is missing an update for the...

CVSS 5.5 · AI score 6.2 · EPSS 0.00352
Exploits: 0 · References: 3
OSV
added 2024/05/24 3:15 p.m. · 0 views

DEBIAN-CVE-2021-47505

In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling. signalfd_poll and binder_poll are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is okay f...

CVSS 7.8 · AI score 6.1 · EPSS 0.00252
Exploits: 0 · References: 1
CNNVD
added 2024/05/24 12:0 a.m. · 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a post-release reuse issue in the aio module due to a lack of POLLFREE handling...

CVSS 7.8 · AI score 6.3 · EPSS 0.00252
Exploits: 0 · References: 7
RedHat Linux
added 2024/05/22 10:16 a.m. · 1 views

kernel: use-after-free in net/atm/ioctl.c

A use-after-free flaw was found in the Linux kernel's net/atm/ioctl.c ATM networking technology driver: do_vcc_ioctl in net/atm/ioctl.c is vulnerable to use-after-free due to a race condition in vcc_recvmsg. This issue can allow an attacker to possibly gain unauthorized access, escalate privileges, ...

CVSS 7 · AI score 6.8 · EPSS 0.00515
Exploits: 0 · References: 5
RedHat Linux
added 2024/05/22 10:3 a.m. · 3 views

kernel: use-after-free in net/atm/ioctl.c

A use-after-free flaw was found in the Linux kernel's net/atm/ioctl.c ATM networking technology driver: do_vcc_ioctl in net/atm/ioctl.c is vulnerable to use-after-free due to a race condition in vcc_recvmsg. This issue can allow an attacker to possibly gain unauthorized access, escalate privileges, ...

CVSS 7 · AI score 6.8 · EPSS 0.00515
Exploits: 0 · References: 5