UBUNTU-CVE-2023-28859

redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. This could, for example, happen for a non-pipeline operation. NOTE: the solutions for CVE-2023-288...

CVE-2023-28445 Deno improperly handles resizable ArrayBuffer

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the...

GHSA-C25X-CM9X-QQGX Deno improperly handles resizable ArrayBuffer

Impact Resizable ArrayBuffers passed to asynchronous native functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the only version affected is Deno 1.32.0. Deno Deploy users are not...

Deno improperly handles resizable ArrayBuffer

Impact Resizable ArrayBuffers passed to asynchronous native functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the only version affected is Deno 1.32.0. Deno Deploy users are not...

PT-2023-16580

Name of the Vulnerable Software and Affected Versions: WP Meta SEO WordPress plugin versions prior to 4.5.3 Description: The issue allows low-privilege users to make updates to certain data due to a lack of authorization for several ajax actions, leading to an arbitrary redirect. Recommendations:...

Mattermost 跨站脚本漏洞

Mattermost is an open source collaboration platform from the US-based Mattermost Inc. A security vulnerability exists in Mattermost OAuth, which stems from a reflected cross-site scripting vulnerability that can be exploited by an attacker to send AJAX requests on behalf of a victim by sharing a...

PT-2023-16292 · WordPress · Auto Featured Image

Name of the Vulnerable Software and Affected Versions: Auto Featured Image Auto Post Thumbnail WordPress plugin versions prior to 3.9.16 Description: The issue is caused by incorrect file extension validation, allowing any user with at least Author privileges to upload arbitrary files, such as PH...

[SECURITY] Fedora 36 Update: c-ares-1.19.0-1.fc36

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

WordPress plugin NEX-Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

USN-5907-1: c-ares vulnerability

It was discovered that c-ares incorrectly handled certain sortlist strings. A remote attacker could use this issue to cause c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code...

XWiki Platform 安全漏洞

XWiki Platform is a suite of wiki platforms for creating web collaboration applications from the French company XWiki. A security vulnerability exists in XWiki Platform, which stems from the fact that any user with commenting privileges can use an asynchronous macro that allows them to execute an...

Web applications and Project Loom

Introduction Project Loom aims to bring "easy-to-use, high-throughput, lightweight concurrency" to the JRE. One feature introduced by Project Loom is virtual threads. In this blog post, we'll be exploring what virtual threads mean for web applications using some simple web applications deployed o...

Fedora: Security Advisory for c-ares (FEDORA-2023-b121bd62a9)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 37 Update: c-ares-1.19.0-1.fc37

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

K24465120: iControl REST vulnerability CVE-2017-6167

Security Advisory Description Race conditions in iControl REST may lead to commands executed with different privilege levels than expected. CVE-2017-6167 Impact Sending asynchronous tasks using the iControl REST API may be processed as the wrong user and result in an error. Security Advisory Stat...

K02912734: Intel CPU vulnerability CVE-2019-11135

Security Advisory Description TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2019-11135 Impact There is no impact; F5 products are not affected by...

WordPress Plugin Intuitive Custom Post Order 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

SUSE CVE-2007-0046

Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the 1 FDF, 2 XML, or 3 XFDF AJAX request parameters...

SUSE CVE-2009-4141

Use-after-free vulnerability in the fasynchelper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling OASYNC aka FASYNC or FIOASYNC on a locked file, and then closing this file...

SUSE CVE-2011-0447

Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via forged 1 AJAX or 2 API requests that...