Lucene search

2464 matches found

CNVD
added 2021/01/15 12:0 a.m., 9 views

Elasticsearch Information Disclosure Vulnerability (CNVD-2021-03548)

Elasticsearch is a search engine based on the Lucene library. An information disclosure vulnerability exists in the asynchronous search API in Elasticsearch 7.7.0 - 7.10.1. The vulnerability stems from the fact that users performing asynchronous searches will incorrectly store HTTP headers. An...

CVSS 4.8 | AI score 8.1 | EPSS 0.01241
Exploits 0 | References 1

CNNVD
added 2021/01/14 12:0 a.m., 4 views

Elastic Resource Management Error Vulnerability

Elasticsearch is a search engine based on the Lucene library. An information disclosure vulnerability exists in the asynchronous search API in Elasticsearch 7.7.0 - 7.10.1. The vulnerability stems from the fact that users performing asynchronous searches will incorrectly store HTTP headers. An...

CVSS 4.8 | AI score 6.6 | EPSS 0.01241
Exploits 0 | References 11

OSV
added 2021/01/12 10:15 p.m., 1 view

CVE-2021-23928

OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string...

CVSS 6.1 | AI score 6.4 | EPSS 0.01133
Exploits 0 | References 1

Kitploit
added 2021/01/10 11:30 a.m., 94 views

Pidrila - Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

PIDRILA: Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer is a really fast async web path scanner prototype developed by the BrightSearch team for all ethical netstalkers. Installation & Usage: git clone https://github.com/enemy-submarine/pidrila.git cd pidrila python3...

AI score 7.4
Exploits 0 | References 1

CNVD
added 2021/01/06 12:0 a.m., 3 views

WordPress Newsletter plugin cross-site scripting vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in WordPress Newsletter plugin versions prior to 6.8.2 allows...

CVSS 6.5 | AI score 6.1 | EPSS 0.00854
Exploits 1 | References 1

OSV
added 2021/01/01 2:15 a.m., 2 views

CVE-2020-35933

A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing...

CVSS 6.5 | AI score 6.7 | EPSS 0.00854
Exploits 1 | References 1

OSV
added 2020/12/31 1:15 a.m., 1 view

UBUNTU-CVE-2020-11947

iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker...

CVSS 3.8 | AI score 6.8 | EPSS 0.00463
Exploits 0 | References 4

CNNVD
added 2020/12/31 12:0 a.m., 4 views

WordPress Authorization Issue Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress PageLayer plugin versions prior to 1.1.2 that stems fro...

CVSS 7.4 | AI score 5.7 | EPSS 0.01089
Exploits 2 | References 3

CNVD
added 2020/12/23 12:0 a.m., 2 views

Microsoft Azure Sphere Denial of Service Vulnerability (CNVD-2020-73757)

Microsoft Azure Sphere is an appliance from Microsoft USA that is used to provide security in cloud environments. A denial of service vulnerability exists in Microsoft Azure Sphere version 20.05, which stems from the asynchronous ioctl feature of Microsoft Azure Sphere 20.05. An attacker could...

CVSS 5.5 | AI score 6.9 | EPSS 0.01314
Exploits 1 | References 1

Gentoo Linux
added 2020/12/23 12:0 a.m., 39 views

c-ares: Denial of service

Background: c-ares is an asynchronous resolver library. Description: It was discovered that c-ares incorrectly handled certain DNS requests. Impact: A remote attacker, able to trigger a DNS request for a host of their choice by an application linked against c-ares, could possibly cause a Denial of...

CVSS 7.5 | AI score 2.7 | EPSS 0.54164
Exploits 0

OSV
added 2020/12/22 8:15 p.m., 1 view

CVE-2020-35609

A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this vulnerability...

CVSS 5.5 | AI score 5.8 | EPSS 0.01314
Exploits 1 | References 2

Prion
added 2020/12/22 8:15 p.m., 14 views

Denial of service

A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this vulnerability...

CVSS 2.1 | AI score 5.3 | EPSS 0.01314
Exploits 1 | References 2 | Affected Software 1

CNNVD
added 2020/12/22 12:0 a.m., 2 views

Microsoft Azure Sphere Injection Vulnerability

Microsoft Azure Sphere is an appliance from Microsoft USA that is used to provide security in cloud environments. A denial of service vulnerability exists in Microsoft Azure Sphere version 20.05, which stems from the asynchronous ioctl feature of Microsoft Azure Sphere 20.05. An attacker could...

CVSS 5.5 | AI score 6.1 | EPSS 0.01314
Exploits 1 | References 2

OSV
added 2020/12/21 10:15 p.m., 21 views

CVE-2020-26281

async-h1 is an asynchronous HTTP/1.1 parser for Rust (crates.io). There is a request smuggling vulnerability in async-h1 before version 2.3.0. This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server does not read the bo...

CVSS 7.5 | AI score 7.5 | EPSS 0.00815
Exploits 0 | References 2

CNNVD
added 2020/12/21 12:0 a.m., 7 views

Http-rs Async-h1 Environment Issue Vulnerability

Http-rs Async-h1 is a Rust-based asynchronous Http parser from the Http-rs team. A security vulnerability exists in async-h1 versions prior to 2.3.0, which stems from the presence of a request smuggling vulnerability. This vulnerability affects any web server that uses async-h1 behind a reverse...

CVSS 7.5 | AI score 7.1 | EPSS 0.01008
Exploits 0 | References 2

RedHat Linux
added 2020/12/08 8:55 a.m., 90 views

Moderate: Red Hat Security Advisory: Red Hat AMQ Broker 7.8 release and security update

Red Hat AMQ Broker 7.8 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 9.8 | AI score 6.9 | EPSS 0.26803
Exploits 4 | References 7

NVD
added 2020/11/30 10:15 p.m., 36 views

CVE-2020-29441

An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed...

CVSS 7.2 | AI score 7.1 | EPSS 0.0094
Exploits 0 | References 1

Ubuntu
added 2020/11/19 12:46 p.m., 87 views

USN-4638-1: c-ares vulnerability

It was discovered that c-ares incorrectly handled certain DNS requests. An attacker could possibly use this issue to cause a denial of service...

CVSS 7.5 | AI score 7.5 | EPSS 0.54164
Exploits 0

Oracle linux
added 2020/11/10 12:0 a.m., 68 views

Unbreakable Enterprise kernel security update

5.4.17-2036.100.6.1.el8uek - powercap: restrict energy meter to root access Kanth Ghatraju Orabug: 32040802 CVE-2020-8694 CVE-2020-8695 - KVM: ioapic: break infinite recursion on lazy EOI Vitaly Kuznetsov Orabug: 32066585 CVE-2020-27152 CVE-2020-27152 - x86/mitigations: Restore paranoid checks fo...

CVSS 7.5 | AI score 7.4 | EPSS 0.03252
Exploits 4

Ubuntu
added 2020/09/28 2:43 p.m., 83 views

USN-4548-1: libuv vulnerability

It was discovered that libuv incorrectly handled certain paths. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

CVSS 7.8 | AI score 7 | EPSS 0.00714
Exploits 0