EulerOS Virtualization 3.0.6.6 : c-ares (EulerOS-SA-2023-3394)

According to the versions of the c-ares packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE wil...

libuv: Buffer Overread

Background libuv is a multi-platform support library with a focus on asynchronous I/O. Description libuv fails to ensure that a pointer lies within the bounds of a defined buffer in the uvidnatoascii function before reading and manipulating the memory at that address. Impact The overread can resu...

EulerOS Virtualization 2.10.1 : c-ares (EulerOS-SA-2023-2913)

According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will...

EulerOS Virtualization 2.11.1 : c-ares (EulerOS-SA-2023-3049)

According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will...

EulerOS 2.0 SP11 : c-ares (EulerOS-SA-2023-2828)

According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as...

PT-2024-15401 · WordPress · Eventon

Name of the Vulnerable Software and Affected Versions: EventON WordPress plugin versions prior to 4.5.5 EventON WordPress plugin versions prior to 2.2.7 Description: The issue allows unauthenticated users to retrieve email addresses of any users on the blog due to a lack of authorization in an AJ...

PT-2024-15402 · Zoom · Zoom

Name of the Vulnerable Software and Affected Versions: EventON WordPress plugin versions prior to 4.5.5 EventON WordPress plugin versions prior to 2.2.7 Description: The issue allows unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set, du...

EulerOS Virtualization 2.10.0 : c-ares (EulerOS-SA-2023-2932)

According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will...

WordPress plugin Qyrr security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

EulerOS Virtualization 3.0.6.0 : c-ares (EulerOS-SA-2023-3421)

According to the versions of the c-ares packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE wil...

EulerOS Virtualization 2.11.1 : c-ares (EulerOS-SA-2023-2718)

According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a buffer underflow for certain ipv6 addresses, in...

EulerOS 2.0 SP8 : c-ares (EulerOS-SA-2023-3115)

According to the versions of the c-ares packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, a...

CVE-2023-6066

The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site...

PT-2024-14871 · WordPress · Wp Custom Widget Area

Name of the Vulnerable Software and Affected Versions: WP Custom Widget area WordPress plugin versions 1.2.5 and earlier Description: The issue arises from the plugin not properly applying capability and nonce checks on its AJAX action callback functions. This could allow attackers with subscribe...

WordPress Plugin easy.jobs- Best Recruitment Security Breach

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability in the WordPress...

WordPress Plugin WP Custom Widget area security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2024-15107 · WordPress · Easyjobs

Name of the Vulnerable Software and Affected Versions: easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg WordPress plugin versions prior to 2.4.7 Description: The issue arises from the plugin not properly securing some of its AJAX actions,...

Microsoft Message Queuing Information Disclosure Vulnerability (CNVD-2024-04950)

Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. An information disclosure vulnerability exists in Microsoft Message Queuing, which can be exploited by an attacker to obtain sensitive information from heap memory...

Microsoft Message Queuing Information Disclosure Vulnerability (CNVD-2024-04947)

Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. An information disclosure vulnerability exists in Microsoft Message Queuing, which can be exploited by an attacker to obtain sensitive information from heap memory...

The vulnerability of the do_vcc_ioctl() function in the net/atm/ioctl.c module, which implements the ATM network protocol in the Linux operating system’s kernel, allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the dovccioctl function in the net/atm/ioctl.c module, which implements the ATM network protocol in the Linux operating system, is related to the reallocation of previously freed memory due to concurrent access to resources. Exploiting this vulnerability could allow an attack...