OPENSUSE-SU-2021:0909-1 Security update for wireshark, libvirt, sbc, libqt5-qtmultimedia

This update for wireshark, libvirt, sbc and libqt5-qtmultimedia fixes the following issues: Update wireshark to version 3.4.5 - New and updated support and bug fixes for multiple protocols - Asynchronous DNS resolution is always enabled - Protobuf fields can be dissected as Wireshark header field...

SUSE: Security Advisory (SUSE-SU-2021:2125-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Missing Handler in @scandipwa/magento-scripts

Impact After changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec and logs commands, effectively making them unusable. Patches Version 1.5.3 contains patches for the problems described above. Workarounds Upgrade to patched or latest...

GHSA-52QP-GWWH-QRG4 Missing Handler in @scandipwa/magento-scripts

Impact After changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec and logs commands, effectively making them unusable. Patches Version 1.5.3 contains patches for the problems described above. Workarounds Upgrade to patched or latest...

CVE-2021-32684

magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec,...

CVE-2021-32684

CVE-2021-32684 concerns magento-scripts used by Create Magento App. Versions 1.5.1 and 1.5.2 changed a function from synchronous to asynchronous without implementing handlers for start, stop, exec, and logs, rendering those commands unusable. Version 1.5.3 provides patches addressing the problems...

CVE-2021-32684 Missing Handler in @scandipwa/magento-scripts

magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec,...

CVE-2021-24355

In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/getwildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the...

CVE-2021-24354

A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites...

SUSE SLES11 Security Update : microcode_ctl (SUSE-SU-2019:14217-1)

The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14217-1 advisory. - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable...

The vulnerability of the modular library for simplifying the development of JavaScript or AJAX-based applications and websites allows attackers to compromise the confidentiality, integrity, and accessibility of protected information due to improper coding or the concealment of output data.

The vulnerability of the modular library used for simplifying the development of JavaScript- or AJAX-based applications and websites in the Dojo Toolkit is related to incorrect coding or the concealment of output data. Exploiting this vulnerability can allow an attacker to compromise the...

SUSE SLES11 Security Update : xen (SUSE-SU-2020:14444-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14444-1 advisory. - Improper invalidation for page table updates by a virtual guest operating system for multiple IntelR Processors may allow an authenticated...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Goto WordPress theme prior to version 2.1,...

CVE-2021-24282

In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the various AJAX actions in the plugin to do a variety of things. For example, an attacker could use wpcf7rresetsettings to reset the plugin’s settings, wpcf7raddaction to...

CVE-2021-24190

Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then blog,...

WordPress plugin Login as User or Customer 安全漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . WordPress plugin 1.8 before the version User Switching...

WordPress plugin Login Protection - Limit Failed Login Attempts 安全漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . WordPress plugin 2.9 prior to the version Login Protectio...

PT-2021-15734 · WordPress · Wp Content Copy Protection & No Right Click

Name of the Vulnerable Software and Affected Versions: WP Content Copy Protection & No Right Click WordPress plugin versions prior to 3.1.5 Description: The issue allows low-privileged users to exploit the AJAX action 'cp plugins do button job later callback' to install any plugin, including...

WordPress plugin 安全漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An improper access control vulnerability exists in WordPress Redirection for Contact Form 7 Plugin...

2019.2 IPU – TSX Asynchronous Abort Advisory

Summary: A potential security vulnerability in TSX Asynchronous Abort TAA for some Intel® Processors may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2019-11135 Description: TSX Asynchronous Abort...