SUSE CVE-2012-0058

The kiocbbatchfree function in fs/aio.c in the Linux kernel before 3.2.2 allows local users to cause a denial of service OOPS via vectors that trigger incorrect iocb management...

SUSE CVE-2014-8172

The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service soft lockup or system crash via unspecified use of Asynchronous I/O AIO operations...

SUSE CVE-2016-9815

Xen through 4.7.x allows local ARM guest OS users to cause a denial of service host panic by sending an asynchronous abort...

SUSE CVE-2016-9818

Xen through 4.7.x allows local ARM guest OS users to cause a denial of service host crash via vectors involving an asynchronous abort while at HYP...

SUSE CVE-2018-6097

Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page...

SUSE CVE-2019-11135

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access...

SUSE CVE-2019-19338

A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort TAA error occurs. When a guest is running on a host CPU affected by the TAA flaw TAANO=0, but is no...

SUSE CVE-2021-43536

Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

SUSE CVE-2022-0485

A flaw was found in the copying tool nbdcopy of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the error parameter. This could result in the silent creation of a...

Microsoft Windows ALPC 安全漏洞

Microsoft Windows ALPC is an inter-process communication tool for high-speed messaging from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows ALPC. The following products and editions are affected:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for...

CVE-2023-0098

The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL injection exploitable by low privilege users such as subscriber...

PT-2023-16012 · WordPress · Simple Urls

Name of the Vulnerable Software and Affected Versions: Simple URLs WordPress plugin versions prior to 115 Description: The issue concerns a SQL injection problem. It arises because the plugin does not properly escape certain parameters before using them in SQL statements for AJAX actions. These...

WordPress plugin WP FullCalendar 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

CVE-2023-0726

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxeditfolder function. This makes it possible for unauthenticated attackers to invoke this function via forg...

CVE-2023-0619

The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image...

WordPress Plugin Kraken.io Image Optimizer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Quick Restaurant Menu 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).

...

Spring Modulith 0.3 released

Hot on the heels of Spring Boot 3.0.2, I am excited to announce the 0.3 release of Spring Modulith. The release is packed with improvements. We have tweaked a couple of things that might require your attention and a couple of adapting changes to your code. The most notable changes are: GH-114 – W...

openSUSE 15 Security Update : libnbd (SUSE-SU-2022:2754-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2022:2754-1 advisory. - A flaw was found in the copying tool nbdcopy of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating th...