2464 matches found

CNNVD
added 2021/05/10 12:0 a.m., 3 views

Red Hat Ansible Race Condition Vulnerability

Red Hat Ansible is a computer system configuration manager from Red Hat, an American company. The product can be used to distribute, manage, and orchestrate computer systems. A race condition vulnerability exists in Red Hat Ansible. The vulnerability stems from an Ansible user setti...

7.3 AI score
Exploits: 0, References: 4
OSV
added 2021/05/05 3:43 p.m., 8 views

SUSE-RU-2021:1517-1 Recommended update for open-iscsi

This update for open-iscsi fixes the following issues: - Enabled asynchronous logins for iscsi.service bsc1183421 - Fixed a login issue when target is delayed...

9.8 CVSS, 7.7 AI score, 0.1854 EPSS
Exploits: 0, References: 7
CNNVD
added 2021/04/12 12:0 a.m., 12 views

WordPress Plugin Cross-Site Scripting Vulnerability

Patreon is a subscription-based crowdfunding platform and Patreon WordPress is a WordPress plugin for the platform. A cross-site scripting vulnerability exists in Patreon WordPress versions prior to 1.7.2. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via the...

9.6 CVSS, 5.2 AI score, 0.01758 EPSS
Exploits: 1, References: 3
OSV
added 2021/04/05 7:15 p.m., 2 views

CVE-2021-24184

Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions...

8.8 CVSS, 7.3 AI score
Exploits: 0, References: 2
OSV
added 2021/04/05 7:15 p.m., 2 views

CVE-2021-24163

The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form...

8.8 CVSS, 7.3 AI score, 0.01439 EPSS
Exploits: 2, References: 2
UbuntuCve
added 2021/03/30 3:15 p.m., 31 views

CVE-2021-21409

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty io.netty:netty-codec-http2 before version 4.1.61.Final there is a vulnerability that enables request smuggling. The...

5.9 CVSS, 6.8 AI score, 0.04935 EPSS
Exploits: 0, References: 6
Kitploit
added 2021/03/21 8:30 p.m., 132 views

Vajra - A Highly Customizable Target And Scope Based Automated Web Hacking Framework To Automate Boring Recon Tasks

An automated web hacking framework for web applications (detailed insight about Vajra can be found at https://hackwithproxy.medium.com/introducing-vajra-an-advanced-web-hacking-framework-bd8307a01aa8). About Vajra: Vajra is an automated web hacking framework to automate boring recon tasks and same...

7.4 AI score
Exploits: 0, References: 3
BDU FSTEC
added 2021/03/11 12:0 a.m., 2 views

The vulnerability of the Samba AD DC LDAP server, related to errors in processing the “Paged Results” and “ASQ” control elements, allows an attacker to cause a service failure.

The vulnerability of the Samba AD DC LDAP server is related to errors in processing the “Paged Results” and “ASQ” control elements. Exploiting this vulnerability can allow an attacker to cause service failures...

5.4 CVSS, 6.8 AI score, 0.01968 EPSS
Exploits: 0, References: 11, Affected Software: 5
PyPA
added 2021/02/27 5:15 a.m., 4 views

PYSEC-2021-50

An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master...

9.8 CVSS, 7 AI score, 0.72945 EPSS
Exploits: 5, References: 9, Affected Software: 1
OpenVAS
added 2021/02/25 12:0 a.m., 26 views

Fedora: Security Advisory for mingw-c-ares (FEDORA-2021-ee913722db)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS, 7.8 AI score, 0.54164 EPSS
Exploits: 0, References: 2
Fedora
added 2021/02/24 8:46 p.m., 61 views

[SECURITY] Fedora 32 Update: mingw-c-ares-1.17.1-1.fc32

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

7.5 CVSS, 7.9 AI score, 0.54164 EPSS
Exploits: 0
Fedora
added 2021/02/24 8:42 p.m., 64 views

[SECURITY] Fedora 33 Update: mingw-c-ares-1.17.1-1.fc33

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

7.5 CVSS, 7.9 AI score, 0.54164 EPSS
Exploits: 0
CNNVD
added 2021/02/16 12:0 a.m., 5 views

Blackcat Cms Cross-Site Scripting Vulnerability

BlackCat CMS is a PHP5, HTML5 content management system. A stored cross-site scripting vulnerability exists in BlackCat CMS 1.3.6. The vulnerability can be exploited to conduct a cross-site scripting attack via the Display Name field in backend/preferences/ajaxsave.php...

4.8 CVSS, 5.6 AI score, 0.0096 EPSS
Exploits: 1, References: 4
Akamai Blog
added 2021/02/08 2:0 p.m., 45 views

Edge Redirector Cloudlet Gets Faster

Written by Maksym Novoseltsev - Senior Software Engineer, and Jeffrey Costa - Senior Product Manager, Web Performance. Cloudlets Policy Manager often takes a long time to load, which is a by-product of its original design where every policy activation is an individual file. These files must be...

6.8 AI score
Exploits: 0
OpenVAS
added 2021/02/08 12:0 a.m., 7 views

Fedora: Security Advisory for zeromq (FEDORA-2021-8b3202b783)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0, References: 2
CVE
added 2021/02/02 9:35 p.m., 65 views

CVE-2021-21293

CVE-2021-21293 concerns blaze-core prior to 0.14.15, where unbounded acceptance of new connections on a dedicated thread pool can exhaust file handles and degrade services. Affected component is blaze-core (used by http4s-blaze-server) with unbounded queues after accept. The fix in 0.14.15 adds a...

7.5 CVSS, 7.2 AI score, 0.02117 EPSS
Exploits: 0, References: 3, Affected Software: 1
CNNVD
added 2021/02/01 12:0 a.m., 5 views

Qualcomm Dsp Service Resource Management Error Vulnerability

Qualcomm Dsp Service is a digital signal processor from Qualcomm Incorporated that meets the needs of mobile platforms for multimedia and modem functionality, deep embedded processing. A security vulnerability exists in Qualcomm Dsp Service that arises from the fastrpc ctx being freed during an...

7.4 CVSS, 7.1 AI score, 0.00115 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2021/02/01 12:0 a.m., 36 views

CentOS 8 : systemd (CESA-2020:0575)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:0575 advisory. - systemd: use-after-free when asynchronous polkit queries are performed (CVE-2020-1712). Note that Nessus has not tested for this issue but has instead relied onl...

7.8 CVSS, 6.4 AI score, 0.0046 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2021/02/01 12:0 a.m., 258 views

CentOS 8 : virt:rhel (CESA-2020:0279)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:0279 advisory. - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135). Note that Nessus has not tested for this issue but has instead relied only on the application's...

6.5 CVSS, 7.3 AI score, 0.03133 EPSS
Exploits: 0, References: 2
CNNVD
added 2021/01/26 12:0 a.m., 5 views

KLog Command Injection Vulnerability

KLog is a logging tool for Android development by individual developer ZhaoKaiQiang. The tool's main functions include printing line numbers and function calls, JSON parsing, XML parsing, click-to-jump, saving log information, and other functions. A command injection vulnerability exists in KLog...

8.8 CVSS, 7.3 AI score, 0.41394 EPSS
Exploits: 3, References: 5