WordPress 插件跨站脚本漏洞

WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.Awesome Weather Widget plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in...

USN-5007-1: libuv vulnerability

Eric Sesterhenn discovered that libuv incorrectly handled certain strings. An attacker could possibly use this issue to access sensitive information or cause a crash...

WordPress 插件路径遍历漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . An authorization issue vulnerability exists in WordPress...

Lazyrecon - Tool To Automate Your Reconnaissance Process In An Organized Fashion

Lazyrecon is a subdomain discovery tool that finds and resolves valid subdomains then performs SSRF/LFI/SQLi fuzzing, brute-force and port scanning. It has a simple modular architecture and is optimized for speed while working with github and wayback machine. Features Super fast asynchronous...

ALPINE-CVE-2021-28692

inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPUs issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU...

CVE-2021-28692

inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPUs issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU...

CVE-2021-28690

x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX the default and preferred option requires selecting a...

OPENSUSE-SU-2021:0909-1 Security update for wireshark, libvirt, sbc, libqt5-qtmultimedia

This update for wireshark, libvirt, sbc and libqt5-qtmultimedia fixes the following issues: Update wireshark to version 3.4.5 - New and updated support and bug fixes for multiple protocols - Asynchronous DNS resolution is always enabled - Protobuf fields can be dissected as Wireshark header field...

SUSE: Security Advisory (SUSE-SU-2021:2125-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-52QP-GWWH-QRG4 Missing Handler in @scandipwa/magento-scripts

Impact After changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec and logs commands, effectively making them unusable. Patches Version 1.5.3 contains patches for the problems described above. Workarounds Upgrade to patched or latest...

Missing Handler in @scandipwa/magento-scripts

Impact After changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec and logs commands, effectively making them unusable. Patches Version 1.5.3 contains patches for the problems described above. Workarounds Upgrade to patched or latest...

CVE-2021-32684

magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec,...

CVE-2021-32684 Missing Handler in @scandipwa/magento-scripts

magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec,...

CVE-2021-32684

CVE-2021-32684 concerns magento-scripts used by Create Magento App. Versions 1.5.1 and 1.5.2 changed a function from synchronous to asynchronous without implementing handlers for start, stop, exec, and logs, rendering those commands unusable. Version 1.5.3 provides patches addressing the problems...

CVE-2021-24355

In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/getwildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the...

CVE-2021-24354

A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites...

The vulnerability of the modular library for simplifying the development of JavaScript or AJAX-based applications and websites allows attackers to compromise the confidentiality, integrity, and accessibility of protected information due to improper coding or the concealment of output data.

The vulnerability of the modular library used for simplifying the development of JavaScript- or AJAX-based applications and websites in the Dojo Toolkit is related to incorrect coding or the concealment of output data. Exploiting this vulnerability can allow an attacker to compromise the...

SUSE SLES11 Security Update : microcode_ctl (SUSE-SU-2019:14217-1)

The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14217-1 advisory. - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable...

SUSE SLES11 Security Update : xen (SUSE-SU-2020:14444-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14444-1 advisory. - Improper invalidation for page table updates by a virtual guest operating system for multiple IntelR Processors may allow an authenticated...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Goto WordPress theme prior to version 2.1,...