Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

WordPress plugin Cost Calculator Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin RepairBuddy 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

python: Unbounded memory buffering in SelectorSocketTransport.writelines()

A flaw was found in Python. In certain configurations, the asyncio.SelectorSocketTransport.writelines method fails to signal the protocol to clear the write buffer when it approaches capacity. Because of this, protocols would not periodically drain the write buffer, potentially leading to a denia...

Method Exposure

orchid/platform is vulnerable to Method Exposure. The vulnerability is due to inadequate access control in the asynchronous modal functionality of the Orchid Platform, allows arbitrary methods within the Screen class to be called without proper validation, enabling attackers to exploit the expose...

CVE-2024-11730

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to SQL Injection via the 'sort' parameter of the staticdatalist AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVE-2024-53140 netlink: terminate outstanding dump on socket close

In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close Netlink supports iterative dumping of data. It provides the families the following ops: - start - optional kicks off the dumping process - dump - actual dump helper, keeps getti...

CVE-2024-53140 netlink: terminate outstanding dump on socket close

In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close Netlink supports iterative dumping of data. It provides the families the following ops: - start - optional kicks off the dumping process - dump - actual dump helper, keeps getti...

PT-2024-16660 · WordPress · Authors List

Name of the Vulnerable Software and Affected Versions: The Authors List plugin for WordPress versions up to, and including, 2.0.4 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software permitting users to execute an action that does not properl...

The vulnerability of the aio kernel component in the Linux operating system allows attackers to increase their privileges within the system.

The vulnerability of the aio kernel component in the Linux operating system is related to memory management errors after deallocation. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...

DEBIAN-CVE-2024-53990

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly defined Cookies with any that ha...

Important: Red Hat Security Advisory: python-tornado security update

An update for python-tornado is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

ALSA-2024:10590 Important: python-tornado security update

Tornado is a Python web framework and asynchronous networking library that provides an open source version of scalable, non-blocking web server and tools. Security Fixes: python-tornado: Tornado has HTTP cookie parsing DoS vulnerability CVE-2024-52804 For more details about the security issues,...

Race Condition

Overview minio is a MinIO Python SDK for Amazon S3 Compatible Cloud Storage Affected versions of this package are vulnerable to Race Condition due to improper handling of shared resources in worker threads via the helpers.py function. An attacker can exploit this by initiating multiple asynchrono...

[SECURITY] Fedora 40 Update: libsoup3-3.4.4-5.fc40

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

PT-2024-17345 · WordPress · Image Alt Text

Name of the Vulnerable Software and Affected Versions: Image Alt Text plugin for WordPress versions up to and including 2.0.0 Description: The issue allows authenticated attackers with subscriber-level access and above to update the alt text on arbitrary images due to a missing capability check o...

[SECURITY] Fedora 39 Update: libsoup3-3.4.4-3.fc39

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

PYSEC-2024-310

Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...

CVE-2024-52804

Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...

WordPress plugin Ultimate Member 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...