2434 matches found
The vulnerability of the C-ares asynchronous DNS query library, related to uncontrolled resource consumption, allows a hacker to cause a service failure.
The vulnerability of the C-ares asynchronous DNS query library is related to an uncontrolled resource consumption when the packet length is interpreted incorrectly. Exploiting this vulnerability can allow a malicious actor to cause service failures through corrupted UDP packets...
Critical: Red Hat Security Advisory: Red Hat AMQ Broker 7.11.4 release and security update
Red Hat AMQ Broker 7.11.4 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
[SECURITY] Fedora 39 Update: libnbd-1.18.1-2.fc39
NBD (Network Block Device) is a protocol for accessing Block Devices (hard disks and disk-like things) over a Network. This is the NBD client library in userspace, a simple library for writing NBD clients. The key features are: Synchronous and...
Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-3115)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
kernel: ovl: fix use after free in struct ovl_aio_req
A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 "ovl: fix use...
ALSA-2023:6523 Moderate: python-tornado security update
Tornado is a Python web framework and asynchronous networking library that provides an open source version of scalable, non-blocking web server and tools. Security Fixes: python-tornado: open redirect vulnerability in StaticFileHandler under certain configurations (CVE-2023-28370) For more details...
Rocky Linux 8 : virt:rhel (RLSA-2020:0279)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:0279 advisory. - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via ...
Rocky Linux 8 : thunderbird (RLSA-2021:5045)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:5045 advisory. - Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported...
Rocky Linux 8 : nodejs:16 (RLSA-2023:4034)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4034 advisory. - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen...
Exploit for Unrestricted Upload of File with Dangerous Type in Royal-Elementor-Addons Royal_Elementor_Addons
CVE-2023-5360 An Open-source EXPLOIT for The Royal Elementor...
[SECURITY] Fedora 39 Update: fbthrift-2023.10.16.00-1.fc39
Thrift is a serialization and RPC framework for service communication. Thrift enables these features in all major languages, and there is strong support for C++, Python, Hack, and Java. Most services at Facebook are written using Thrift for RPC, and some storage systems use Thrift for serializin...
Advisory ROSA-SA-2023-2284
software: c-ares 1.18.1 OS: ROSA-CHROME packageevrstring: c-ares-1.18.1-2.src.rpm CVE-ID: CVE-2022-4904 BDU-ID: 2023-01258 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the ares_set_sortlist function of the c-ares asynchronous DNS query library is related to a lack of input string validation, allowi...
Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-3049)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2023-30746 · WordPress · Wp Meta/Date Remover
Name of the Vulnerable Software and Affected Versions: WP Meta and Date Remover WordPress plugin versions prior to 2.2.0 Description: The issue concerns an AJAX endpoint for configuring plugin settings that lacks capability checks and fails to sanitize user input. This input is later output...
VulnCheck KEV: CVE-2023-5559
The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service...
WordPress plugin Post Meta Data Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2023-46137
Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...
HTTP Request Smuggling
twisted is vulnerable to HTTP Request Smuggling. The vulnerability exists because it processes requests in an asynchronous manner without ensuring the sequence of the responses, allowing an attacker to smuggle HTTP requests...
twisted.web has disordered HTTP pipeline response
Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...
Design/Logic Flaw
Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...