CVE-2020-36714

The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the isadministrator function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions...

WordPress Plugin Social Media Share Buttons & Social Sharing Icons Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress Plugin Fancy Product Designer Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress Plugin WooCommerce EAN Payment Gateway Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Plugin AI ChatBot Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2023-11856 · WordPress · Brizy

Name of the Vulnerable Software and Affected Versions: Brizy plugin for WordPress versions up to, and including, 1.0.125 Description: The issue is related to an incorrect capability check on the is administrator function, which allows authenticated attackers to bypass authorization and access...

Fedora: Security Advisory for python-asgiref (FEDORA-2023-cc023fabb7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Message Queuing Denial of Service Vulnerability

Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. A denial of service vulnerability exists in Microsoft Message Queuing, which can be exploited by an attacker to cause a denial of service condition...

What to know about the HTTP/2 Rapid Reset DDoS attacks

Cisco Talos is actively tracking the novel distributed denial-of-service DDoS attacks cloud services provider Cloudflare disclosed earlier this week. The techniques described in Cloudflares blog post resulted in a record-breaking DDoS attack and could facilitate much larger attacks in the future...

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-2913)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-2932)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GLSA-202310-09 : c-ares: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202310-09 c-ares: Multiple Vulnerabilities - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling aarch64...

c-ares: Multiple Vulnerabilities

Background c-ares is a C library for asynchronous DNS requests including name resolves. Description Multiple vulnerabilities have been discovered in c-ares. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-2833)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6376-1: c-ares vulnerability

It was discovered that c-ares incorrectly parsed certain SOA replies. A remote attacker could possibly use this issue to cause c-res to crash, resulting in a denial of service...

Debian: Security Advisory (DLA-3567-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

requestDeposit and requestRedeem do not allow for any price guarantee, opening users to sandwich attacks and other losses

Lines of code Vulnerability details Impact Request functions take only the desired input amount as a parameter, giving no way for the caller to control the fulfilment price. The price is decided by the Centrifuge mainnet only. function requestDeposituint256 assets, address owner; function...

USN-6164-2: c-ares vulnerabilities

USN-6164-1 fixed several vulnerabilities in c-ares. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Hannes Moesl discovered that c-ares incorrectly handled certain ipv6 addresses. An attacker could use this issue to cause c-ares ...

Exploit for Unrestricted Upload of File with Dangerous Type in Mappresspro Mappress

CVE-2020-12077 MapPress Maps Pro 2.53.9 - Remote Code Exe...

Ubuntu 16.04 ESM / 18.04 ESM : c-ares vulnerabilities (USN-6164-2)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6164-2 advisory. USN-6164-1 fixed several vulnerabilities in c-ares. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...