Huawei EulerOS: Security Advisory for kvm (EulerOS-SA-2020-1792)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 32 Update: adns-1.6.0-1.fc32

adns is a resolver library for C and C++ programs. In contrast with the existing interfaces, gethostbyname et al and libresolv, it has the following features: - It is reasonably easy to use for simple programs which just want to translate names to addresses, look up MX records, etc. - It can be...

[SECURITY] Fedora 31 Update: adns-1.6.0-1.fc31

adns is a resolver library for C and C++ programs. In contrast with the existing interfaces, gethostbyname et al and libresolv, it has the following features: - It is reasonably easy to use for simple programs which just want to translate names to addresses, look up MX records, etc. - It can be...

EulerOS Virtualization 3.0.6.0 : kvm (EulerOS-SA-2020-1792)

According to the versions of the kvm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor...

PT-2020-14427 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the ajax...

Forerunner - Fast And Extensible Network Scanning Library Featuring Multithreading, Ping Probing, And Scan Fetchers

The Forerunner library is a fast, lightweight, and extensible networking library created to aid in the development of robust network centric applications such as: IP Scanners, Port Knockers, Clients, Servers, etc. In it's current state, the Forerunner library is able to both synchronously and...

CVE-2020-12675

The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for...

WordPress Accordion Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Accordion is one of the plugins used to create responsive content. A cross-site scripting vulnerability exists in the AJAX...

CVE-2020-12077

The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces or capability checks, leading to remote code execution...

CVE-2020-12076

The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. One consequence of this is stored XSS...

WordPress Permission Check Bypass Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. data-tables-generator-by-supsystic is a data table generator plugin used in it. A security vulnerability exists in the WordPress...

Security Bulletin: IBM QRadar SIEM is vulnerable to side channel attack with Intel CPUs (CVE-2019-11135)

Summary IBM QRadar SIEM when using Intel CPUs could allow a local authenticated attacker to obtain sensitive information Vulnerability Details CVEID: CVE-2019-11135 DESCRIPTION: Multiple Intel CPUs could allow a local authenticated attacker to obtain sensitive information, caused by a TSX...

Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)

A flaw was found in the fix for CVE-2019-11135, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort TAA error occurs. When a guest is running on a host CPU affected by the TAA flaw TAANO=0, but is not affected by the MDS issue MDSNO=1, the guest was to...

Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.4.3 release and security update

Red Hat AMQ Broker 7.4.3 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Information Disclosure

kernel is vulnerable to information disclosure. A missing upper bound integer check was found in the sysiosubmit function in the Linux kernel asynchronous I/O implementation. A local, unprivileged user could use this flaw to cause an information leak...

Denial Of Service (DoS)

The kernel-rt package is vulnerable to denial of service DoS. A deficiency in the fasynchelper implementation allows a local, unprivileged user to leverage a use-after-free of locked, asynchronous file descriptors to cause a denial of service or privilege escalation...

Use-after-Free

The kernel package is vulnerable to Use-after-Free. A deficiency in the fasynchelper implementation allows a local, unprivileged user to leverage a use-after-free of locked, asynchronous file descriptors to cause a denial of service or privilege escalation...

CVE-2020-11512

Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 allows authenticated attackers with minimal subscriber-level permissions to save arbitrary JavaScript in the plugin's settings panel via the idxupdaterecaptchakey AJAX action and a crafted idxrecaptchasitekey parameter, which...

pornl.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1133996 Security Researcher Hchabik Helped patch 2358 vulnerabilities Received 5 Coordinated Disclosure badges Received 2 recommendations , a holder of 5 badges for responsible and coordinated disclosure, found a security vulnerability affecting pornl.com website and its...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1342)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...