Lucene search

2464 matches found

CVE
added 2022/08/29 2:3 p.m., 258 views

CVE-2022-0485

CVE-2022-0485 affects the libnbd nbdcopy tool. The root cause is that during multi-threaded copies, asynchronous nbd command completions were treated as success without validating the error parameter, which could silently corrupt the destination image. No explicit patch/version information or exp...

4.8 CVSS, 5.1 AI score, 0.00759 EPSS
Exploits 1, References 5, Affected Software 2
Debian CVE
added 2022/08/29 2:3 p.m., 28 views

CVE-2022-0485

A flaw was found in the copying tool nbdcopy of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the error parameter. This could result in the silent creation of a...

4.8 CVSS, 6.4 AI score, 0.00759 EPSS
Exploits 1
AlpineLinux
added 2022/08/29 2:3 p.m., 31 views

CVE-2022-0485

A flaw was found in the copying tool nbdcopy of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the error parameter. This could result in the silent creation of a...

4.8 CVSS, 5.8 AI score, 0.00759 EPSS
Exploits 1
BDU FSTEC
added 2022/08/24 12:0 a.m., 4 views

The vulnerability of the aio subsystem in FreeBSD systems allows attackers to execute arbitrary code.

The vulnerability of the aio subsystem in FreeBSD relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10 CVSS, 5.9 AI score, 0.00218 EPSS
Exploits 0, References 2, Affected Software 1
ATTACKERKB
added 2022/08/22 8:15 p.m., 2 views

CVE-2022-38667

HTTP application servers based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it ha...

9.8 CVSS, 6.2 AI score, 0.02133 EPSS
Exploits 1, References 5
ATTACKERKB
added 2022/08/22 3:15 p.m., 7 views

CVE-2022-1932

The Rezgo Online Booking WordPress plugin before 4.1.8 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be exploited either via a LFI in an AJAX action, or direct call to the affected file...

6.1 CVSS, 6.3 AI score, 0.00531 EPSS
Exploits 2, References 2
CNNVD
added 2022/08/22 12:0 a.m., 3 views

WordPress plugin Student Result or Employee Database cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

5.4 CVSS, 5.7 AI score, 0.00254 EPSS
Exploits 2, References 2
CNNVD
added 2022/08/22 12:0 a.m., 4 views

WordPress plugin WP Edit Menu security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

4.3 CVSS, 5.4 AI score, 0.00336 EPSS
Exploits 2, References 3
Positive Technologies
added 2022/08/19 12:0 a.m., 8 views

PT-2022-17238 · WordPress · Transposh Wordpress Translation Plugin

Name of the Vulnerable Software and Affected Versions: Transposh WordPress Translation plugin versions up to, and including, 1.0.8.1 Description: The issue allows unauthorized setting changes by unauthenticated users due to insufficient validation of settings on the 'tp translation' AJAX action...

7.5 CVSS, 7.3 AI score, 0.01369 EPSS
Exploits 4, References 10
ATTACKERKB
added 2022/08/01 1:15 p.m., 4 views

CVE-2022-2369

The YaySMTP WordPress plugin before 2.2.1 does not have a capability check in an AJAX action, allowing any logged-in user, such as a subscriber, to view the logs of the plugin...

4.3 CVSS, 5.9 AI score, 0.00585 EPSS
Exploits 2, References 2
OSV
added 2022/08/01 1:15 p.m., 5 views

CVE-2022-2369

The YaySMTP WordPress plugin before 2.2.1 does not have a capability check in an AJAX action, allowing any logged-in user, such as a subscriber, to view the logs of the plugin...

4.3 CVSS, 5.8 AI score
Exploits 0, References 1
Positive Technologies
added 2022/08/01 12:0 a.m., 10 views

PT-2022-14183 · WordPress · Copyrightpro

Name of the Vulnerable Software and Affected Versions: Copyright Proof WordPress plugin versions 4.16 and earlier Description: The issue concerns a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being output via an AJAX action...

6.1 CVSS, 6.1 AI score, 0.00922 EPSS
Exploits 2, References 4
Github Security Blog
added 2022/07/29 12:0 a.m., 28 views

automattic/mongoose vulnerable to Prototype pollution via Schema.path

Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Affected versions of this package are vulnerable to Prototype Pollution. The Schema.path function is vulnerable to prototype pollution when setting the schema object. This vulnerability allows modification...

9.8 CVSS, 8.7 AI score, 0.32676 EPSS
Exploits 1, References 8, Affected Software 1
Positive Technologies
added 2022/07/25 12:0 a.m., 2 views

PT-2022-13289 · WordPress · The Professional Social Sharing Buttons

Name of the Vulnerable Software and Affected Versions: The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin versions prior to 9.7.6 Description: The issue is related to a lack of proper authorization check in one of the AJAX actions, allowing unauthorized access to...

5.3 CVSS, 5 AI score, 0.01544 EPSS
Exploits 2, References 4
ATTACKERKB
added 2022/07/11 1:15 p.m., 5 views

CVE-2022-1937

The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting...

6.1 CVSS, 6.4 AI score, 0.01397 EPSS
Exploits 1, References 3
CNNVD
added 2022/07/11 12:0 a.m., 2 views

WordPress plugin Awin Data Feed cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.1 CVSS, 5.3 AI score, 0.01397 EPSS
Exploits 1, References 2
CNNVD
added 2022/07/08 12:0 a.m., 20 views

rpc.py code issue vulnerability

rpc.py is a fast and powerful ASGI/WSGI-based RPC framework for individual developers in Aber, China. A security vulnerability exists in rpc.py version 0.6.0 and earlier. An attacker exploited the vulnerability to process data using unpickle...

9.8 CVSS, 8.4 AI score, 0.45862 EPSS
Exploits 7, References 8
OSV
added 2022/07/07 8:55 p.m., 4 views

GHSA-CJ7V-27PG-WF7Q Jetty invalid URI parsing may produce invalid HttpURI.authority

Description: URI use within Jetty's HttpURI class can parse invalid URIs such as http://localhost;/path as having an authority with a host of localhost;. A URI of the type http://localhost;/path should be interpreted to be either invalid or as localhost; to be the userinfo and no host. However,...

2.7 CVSS, 7.1 AI score, 0.00931 EPSS
Exploits 0, References 6
CNNVD
added 2022/07/07 12:0 a.m., 4 views

Symantec Advanced Secure Gateway environment issue vulnerability

Symantec Advanced Secure Gateway ASG is a security gateway appliance from Symantec Corporation. An environmental issue vulnerability exists in Symantec Advanced Secure Gateway ASG and ProxySG that stems from susceptibility to an HTTP asynchronous vulnerability. An attacker could exploit the...

9.1 CVSS, 8.3 AI score, 0.01374 EPSS
Exploits 0, References 2
CNNVD
added 2022/07/04 12:0 a.m., 16 views

WordPress plugin Gallery cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.1 CVSS, 5.3 AI score, 0.01347 EPSS
Exploits 2, References 2