Tagged: Cybersecurity Alert

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the...

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet....

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages...

NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support (‘–enable-dnscrypt’). A bad DNSCrypt query could underflow Unbound’s DNSCrypt packet reading procedure that...

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a...

Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability,...

NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the ‘ghost domain names’ family of attacks that could extend the ghost domain window by up to one cached TTL...

In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement...

SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters (‘model_name’, ‘model_id’, ‘integration_id’, ‘provider’) on the REST API endpoint ‘/surecart/v1/integrations/{id}’. The root cause is a flawed escaping bypass in the...

NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the ‘orderby’ parameter on the REST API endpoints ‘/imagely/v1/galleries’ and ‘/imagely/v1/albums’. The root cause is an insufficient sanitization function (‘_clean_column()’) in...

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in versions up to and including 0.3.6. This is due...

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin...

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization...

The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email...