CVE-2024-50035

...

EulerOS 2.0 SP10 : c-ares (EulerOS-SA-2024-2900)

According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : c-ares is a C library for asynchronous DNS requests.aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/...

CVE-2024-50342 Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client

symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the NoPrivateNetworkHttpClient, some internal information is still leaking during host resolution, which leads to possible IP/port...

OPENSUSE-SU-2024:0351-1 Security update for python-mysql-connector-python

This update for python-mysql-connector-python fixes the following issues: - Update to 9.1.0 boo1231740, CVE-2024-21272 - WL16452: Bundle all installable authentication plugins when building the C-extension - WL16444: Drop build support for DEB packages - WL16442: Upgrade gssapi version to 1.8.3 -...

kernel: tipc: force a dst refcount before doing decryption

A vulnerability was found in the Linux kernel's TIPC module, where a reference count on the destination entry was not enforced before decryption. This issue arises due to potential asynchronous returns from crypto requests, which could lead to crash...

kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed

In the Linux kernel, the following vulnerability has been resolved: KVM: Always flush async PF workqueue when vCPU is being destroyed Always flush the per-vCPU async PF workqueue when a vCPU is clearing its completion queue, e.g. when a VM and all its vCPUs is being destroyed. KVM must ensure tha...

kernel: tipc: force a dst refcount before doing decryption

A vulnerability was found in the Linux kernel's TIPC module, where a reference count on the destination entry was not enforced before decryption. This issue arises due to potential asynchronous returns from crypto requests, which could lead to crash...

kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed

In the Linux kernel, the following vulnerability has been resolved: KVM: Always flush async PF workqueue when vCPU is being destroyed Always flush the per-vCPU async PF workqueue when a vCPU is clearing its completion queue, e.g. when a VM and all its vCPUs is being destroyed. KVM must ensure tha...

CVE-2024-33032

Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it...

kernel: ovl: fix use after free in struct ovl_aio_req

A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 "ovl: fix use...

The vulnerability of the ASGI framework for web development in Starlette, related to the allocation of unlimited memory, allows attackers to trigger a service failure.

The vulnerability of the ASGI framework for web development in Starlette is related to the allocation of unlimited memory. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

PT-2024-38738 · WordPress · The Fileorganizer

Name of the Vulnerable Software and Affected Versions: The FileOrganizer – Manage WordPress and Website Files plugin for WordPress versions up to, and including, 1.0.9 Description: The issue is related to arbitrary file uploads due to missing file type validation in the fileorganizer ajax handler...

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2024-2731)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-2614)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2024-2766)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2024-2714)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-9584

The Image Map Pro plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the AJAX functions in versions up to, and including, 6.0.20. This makes it possible for authenticated attackers with contributor-level privileges or abov...

WordPress plugin Image Map Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

ROS-20241021-10

The vulnerability of the SI library for asynchronous DNS c-ares queries is related to failure to take measures to protect the structure of a web page. the structure of the web page. Exploitation of the vulnerability could allow an attacker acting remotely, gain access to sensitive data, compromis...

DEBIAN-CVE-2024-50047

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...