12 matches found
WordPress plugin All-in-One WP Migration Unlimited Extension Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
Dnsmasq Security Feature Issue Vulnerability
Dnsmasq is a lightweight DNS forwarding and DHCP, TFTP server written in C. It can be used as a server to forward DNS, DHCP, and TFTP. A security vulnerability exists in Dnsmasq prior to version 2.83, which can be exploited by attackers to perform DNS cache poisoning attacks...
Security fix for the ALT Linux 10 package dnsmasq version 2.83-alt1
Jan. 22, 2021 Mikhail Efremov 2.83-alt1 - Use useradd -N instead of -n. - Updated to 2.83 fixes: CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687...
DEBIAN-CVE-2020-25686
A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the...
Heap overflow
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such that they are accepted as valid, could use this flaw to cause a buffer overfl...
CVE-2020-25685
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery, which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSE...
Design/Logic Flaw
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery, which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSE...
UBUNTU-CVE-2020-25684
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:replyquery if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query,...
CVE-2020-25685
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery, which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSE...
Emerson OpenEnterprise SCADA Server Buffer Overflow Vulnerability
Emerson Electric OpenEnterprise SCADA Server is a suite of data acquisition and monitoring (SCADA) servers from Emerson Electric, primarily used for remote oil and gas applications. A buffer overflow vulnerability exists in Emerson Electric OpenEnterprise versions 3.1 through 3.3.3 a...
CloudBees Jenkins Denial of Service Vulnerability
CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. It is mainly used to monitor continuous software release/testing projects and to run scheduled tasks. A...
Code injection
SocialEngine SE before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code...