RLSA-2023:3559 Important: c-ares security update

The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. Security Fixes: c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

Important: Red Hat Security Advisory: c-ares security update

An update for c-ares is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

ALSA-2023:3559 Important: c-ares security update

The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. Security Fixes: c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

PT-2023-20002 · WordPress · Easy Google Maps

Name of the Vulnerable Software and Affected Versions: Easy Google Maps plugin for WordPress versions up to and including 1.11.7 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the AJAX action handler. This allows unauthenticated...

WordPress Plugin WP Activity Log Premium 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2022-4949

The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajaxupload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload arbitrary files on th...

CVE-2020-36702

The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+ roles to update the...

WordPress Plugin uListing 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress Plugin Unauthenticated Account Creation 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress Plugin Ultimate Addons for Gutenberg 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

PT-2023-11844 · WordPress · Ultimate Addons For Gutenberg

Name of the Vulnerable Software and Affected Versions: The Ultimate Addons for Gutenberg plugin for WordPress versions up to, and including, 1.14.7 Description: The issue is due to missing capability checks on several AJAX actions, making it possible for authenticated attackers with subscriber+...

WordPress Theme Fruitful 跨站脚本漏洞

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress Theme Fruitful version 3.8.1 and prior...

Debian: Security Advisory (DSA-5419-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WordPress Plugin Frontend File Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

WordPress Plugin uListing 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Plugin JobSearch WP Job Board 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

PT-2023-11871 · WordPress · 2J-Slideshow Plugin

Name of the Vulnerable Software and Affected Versions: 2J-SlideShow Plugin for WordPress versions up to, and including, 1.3.31 Description: The issue is related to authorization bypass due to a missing capability check on the twoj slideshow setup function. This function is called via the "wp ajax...

PT-2023-22343 · Prestashop · Prestashop Jmspagebuilder

Name of the Vulnerable Software and Affected Versions: PrestaShop jmspagebuilder version 3.x Description: The issue is related to SQL Injection via the ajax jmspagebuilder.php file. Recommendations: For PrestaShop jmspagebuilder version 3.x, consider restricting access to the ajax...

[SECURITY] Fedora 37 Update: c-ares-1.19.1-1.fc37

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

Fedora: Security Advisory for c-ares (FEDORA-2023-520848815b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...