Security feature bypass

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...

CVE-2024-23829 aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...

aiohttp Environment Issue Vulnerability

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. A vulnerability exists in aiohttp versions prior to 3.9.2, which stems from the HTTP parser's overly lax treatment of delimiters, which can help with request smuggling...

Moderate: Red Hat Security Advisory: c-ares security update

An update for c-ares is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Amazon Linux 2 : c-ares (ALAS-2024-2429)

The version of c-ares installed on the remote host is prior to 1.10.0-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2429 advisory. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling...

VulnCheck KEV: CVE-2022-2376

The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users...

VulnCheck KEV: CVE-2021-24285

The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL...

OESA-2024-1087 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A flaw was found in the Bluetooth subsystem of the Linux kernel. A race condition between the btsockrecvmsg and btsockioctl functions could lead to a use-after-free on a socket buffer "skb". This flaw allows a local user to cause...

Moderate: Red Hat Security Advisory: Red Hat AMQ Broker 7.11.5 release and security update

Red Hat AMQ Broker 7.11.5 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVE-2024-0238

The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plugin, allowing unauthenticated users to update arbitrary post metadata...

CVE-2024-0236

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set for example for Zoom...

CVE-2023-5922

The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action and REST endpoint, currently disabled in the plugin have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protect...

WordPress plugin EventON security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress plugin EventON security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

EulerOS 2.0 SP11 : c-ares (EulerOS-SA-2023-2676)

According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a buffer underflow for certain ipv6 addresses, in particular...

EulerOS Virtualization 2.11.0 : c-ares (EulerOS-SA-2023-2749)

According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a buffer underflow for certain ipv6 addresses, in...

EulerOS Virtualization 2.11.0 : c-ares (EulerOS-SA-2023-3066)

According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will...

EulerOS Virtualization 2.9.0 : c-ares (EulerOS-SA-2023-2977)

According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will...

EulerOS Virtualization 2.9.1 : c-ares (EulerOS-SA-2023-2951)

According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will...

EulerOS 2.0 SP11 : c-ares (EulerOS-SA-2023-2634)

According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a buffer underflow for certain ipv6 addresses, in particular...