🚨 CVE-2023-3201
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_title function. This makes it possible for unauthenticated attackers to update new order title via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
@cveNotify
🚨 CVE-2023-3200
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_message function. This makes it possible for unauthenticated attackers to update new order message via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
@cveNotify
🚨 CVE-2023-3198
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_message function. This makes it possible for unauthenticated attackers to update status order message via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
@cveNotify
Wordfence
MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Status Update – Wordfence Intelligence
🚨 CVE-2023-3047
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection. This issue affects Lockcell: before 15.
@cveNotify
🚨 CVE-2023-29353
Sysinternals Process Monitor for Windows Denial of Service Vulnerability
@cveNotify
🚨 CVE-2022-22307
IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks. IBM X-Force ID: 216753.
@cveNotify
IBM
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
IBM Security Guardium has addressed these vulnerabilities
🚨 CVE-2020-12762
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
@cveNotify
GitHub
Prevent out of boundary write on malicious input by stoeckmann · Pull Request #592 · json-c/json-c
I have discovered a way to trigger an out of boundary write while parsing a huge json file through a malicious input source. It can be triggered if an attacker has control over the input stream or ...
🚨 CVE-2023-2745
WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the 'wp_lang' parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.
@cveNotify
🚨 CVE-2023-25683
IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592.
@cveNotify
IBM
Security Bulletin: This Power System update is being released to address CVE-2023-25683
The PowerVM Hypervisor could allow an attacker to obtain sensitive information if they gain service access to the HMC
🚨 CVE-2022-33168
IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 228588.
@cveNotify
Ibmcloud
IBM Security Directory Suite VA denial of service CVE-2022-33168 Vulnerability Report
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers
🚨 CVE-2022-33163
IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571.
@cveNotify
IBM
Security Bulletin: IBM Security Directory Suite has multiple vulnerabilities [CVE-2022-33163 and CVE-2022-33168]
The following vulnerabilities in IBM Security Directory Suite have been addressed. Please apply the fixes shown below. [CVE-2022-33163 and CVE-2022-33168]
🚨 CVE-2022-33159
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567.
@cveNotify
IBM
Security Bulletin: IBM Security Directory Suite is vulnerable to multiple issues
Multiple Security Vulnerabilities in the IBM Security Directory Suite have been addressed by code updates and updating the relevant components.
🚨 CVE-2022-33166
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 228586.
@cveNotify
IBM
Security Bulletin: IBM Security Directory Suite is vulnerable to multiple issues
Multiple Security Vulnerabilities in the IBM Security Directory Suite have been addressed by code updates and updating the relevant components.
🚨 CVE-2022-32757
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 228510.
@cveNotify
IBM
Security Bulletin: IBM Security Directory Suite is vulnerable to multiple issues
Multiple Security Vulnerabilities in the IBM Security Directory Suite have been addressed by code updates and updating the relevant components.
🚨 CVE-2022-32752
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 228439.
@cveNotify
IBM
Security Bulletin: IBM Security Directory Suite is vulnerable to multiple issues
Multiple Security Vulnerabilities in the IBM Security Directory Suite have been addressed by code updates and updating the relevant components.
🚨 CVE-2023-34239
Gradio is an open-source Python library that is used to build machine learning and data science applications. Due to a lack of path filtering, Gradio does not properly restrict file access to users. Additionally, Gradio does not properly restrict what URLs are proxied. These issues have been addressed in version 3.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
@cveNotify
GitHub
Prevent path traversal in `/file` routes by abidlabs · Pull Request #4370 · gradio-app/gradio
Prevents path traversal in /file routes
Internal discussion here
🚨 CVE-2023-34364
A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an affected host by copying carefully selected data that will be executed as code.
@cveNotify
Progress.com
Unleash the Power of AI for Your Business | Progress Software
Progress provides AI-powered software solutions to automate processes to develop, deploy and manage apps, and make critical data more accessible and secure.
🚨 CVE-2023-0342
MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12.
@cveNotify
🚨 CVE-2023-34855
A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipment (Shanghai) Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /upfile.cgi.
@cveNotify
GitHub
Stored Cross-Site Scripting (XSS) Vulnerability in Youxun Electronic Equipment (Shanghai) Co., Ltd. AC Centralized Management Platform…
Search vulnerable products on internet Go to https://hunter.qianxin.com/, and use this syntax to search potential vulnerable products existing on internet: web.body="login_title: 'D-Link路由器...
🚨 CVE-2019-6502
sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.
@cveNotify
GitHub
Memory leak · Issue #1586 · OpenSC/OpenSC
Hi Team, I have build this repo using clang via ASAN, a memory leak was detected in eidenv.c ASAN ==32025==ERROR: LeakSanitizer: detected memory leaks Direct leak of 632 byte(s) in 1 object(s) allo...
🚨 CVE-2021-42782
Stack buffer overflow issues were found in OpenSC before version 0.22.0 in various places that could potentially crash programs using the library.
@cveNotify
GitHub
cardos: Correctly calculate the left bytes to avoid buffer overrun · OpenSC/OpenSC@1252aca
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29912