2431 matches found
Edge Redirector Cloudlet Gets Faster
Written by Maksym Novoseltsev - Senior Software Engineer, and Jeffrey Costa - Senior Product Manager, Web Performance. Cloudlets Policy Manager often takes a long time to load, which is a by-product of its original design where every policy activation is an individual file. These files must be...
Fedora: Security Advisory for zeromq (FEDORA-2021-8b3202b783)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-21293
CVE-2021-21293 concerns blaze-core prior to 0.14.15, where unbounded acceptance of new connections on a dedicated thread pool can exhaust file handles and degrade services. Affected component is blaze-core (used by http4s-blaze-server) with unbounded queues after accept. The fix in 0.14.15 adds a...
CentOS 8 : systemd (CESA-2020:0575)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:0575 advisory. - systemd: use-after-free when asynchronous polkit queries are performed (CVE-2020-1712). Note that Nessus has not tested for this issue but has instead relied onl...
Qualcomm Dsp Service Resource Management Error Vulnerability
Qualcomm Dsp Service is a digital signal processor from Qualcomm Incorporated that meets the needs of mobile platforms for multimedia and modem functionality and deep embedded processing. A security vulnerability exists in Qualcomm Dsp Service that arises from the fastrpc ctx being freed during an...
CentOS 8 : virt:rhel (CESA-2020:0279)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:0279 advisory. - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135). Note that Nessus has not tested for this issue but has instead relied only on the application's...
KLog Command Injection Vulnerability
KLog is a logging tool for Android development by the individual developer ZhaoKaiQiang. The tool's main functions are printing line numbers and function calls, JSON parsing, XML parsing, click-to-jump, saving log information, and other functions. A command injection vulnerability exists in KLog...
Elasticsearch Information Disclosure Vulnerability (CNVD-2021-03548)
Elasticsearch is a search engine based on the Lucene library. An information disclosure vulnerability exists in the asynchronous search API in Elasticsearch 7.7.0 - 7.10.1. The vulnerability stems from the fact that users performing asynchronous searches will incorrectly store HTTP headers. An...
Elastic Resource Management Error Vulnerability
Elasticsearch is a search engine based on the Lucene library. An information disclosure vulnerability exists in the asynchronous search API in Elasticsearch 7.7.0 - 7.10.1. The vulnerability stems from the fact that users performing asynchronous searches will incorrectly store HTTP headers. An...
CVE-2021-23928
OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string...
Pidrila - Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
PIDRILA: Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer is a really fast async web path scanner prototype developed by the BrightSearch team for all ethical netstalkers. Installation & Usage: git clone https://github.com/enemy-submarine/pidrila.git cd pidrila python3...
WordPress Newsletter plugin cross-site scripting vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in WordPress Newsletter plugin versions prior to 6.8.2 allows...
CVE-2020-35933
A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpcrender AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing...
UBUNTU-CVE-2020-11947
iscsiaioioctlcb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker...
WordPress Authorization Issue Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress PageLayer plugin versions prior to 1.1.2 that stems fro...
c-ares: Denial of service
Background: c-ares is an asynchronous resolver library. Description: It was discovered that c-ares incorrectly handled certain DNS requests. Impact: A remote attacker, able to trigger a DNS request for a host of their choice by an application linked against c-ares, could possibly cause a Denial of...
Microsoft Azure Sphere Denial of Service Vulnerability (CNVD-2020-73757)
Microsoft Azure Sphere is an appliance from Microsoft USA that is used to provide security in cloud environments. A denial of service vulnerability exists in Microsoft Azure Sphere version 20.05, which stems from the asynchronous ioctl feature of Microsoft Azure Sphere 20.05. An attacker could...
CVE-2020-35609
A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this vulnerability...
Denial of service
A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this vulnerability...
Microsoft Azure Sphere Injection Vulnerability
Microsoft Azure Sphere is an appliance from Microsoft USA that is used to provide security in cloud environments. A denial of service vulnerability exists in Microsoft Azure Sphere version 20.05, which stems from the asynchronous ioctl feature of Microsoft Azure Sphere 20.05. An attacker could...