
3663 matches found

CNNVD
added 2024/02/13 12:0 a.m. | 6 views

Mysten Labs Sui Security Vulnerability

Mysten Labs Sui is a smart contract platform from Mysten Labs. A security vulnerability exists in versions prior to Mysten Labs Sui v.1.6.3 that allows a remote attacker to execute arbitrary code and cause a denial of service via a carefully crafted...

CVSS 9.8 | AI score 7.7 | EPSS 0.01337
Exploits: 0 | References: 4
Patchstack
added 2024/02/12 12:0 a.m. | 9 views

WordPress ImageRecycle pdf & image compression Plugin <= 3.1.13 is vulnerable to Cross Site Request Forgery (CSRF)

Software: ImageRecycle pdf & image compression | Type: Plugin | Vulnerable versions: = 3.1.13 | Fixed in: 3.1.14 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-1339 | Patch priority: Low | CVSS severity: Low (4.3) | PSID: d8c1f1233fec | Credi...

CVSS 4.3 | AI score 6.6 | EPSS 0.00208
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/02/12 12:0 a.m. | 9 views

WordPress ImageRecycle pdf & image compression Plugin <= 3.1.13 is vulnerable to Broken Access Control

Software: ImageRecycle pdf & image compression | Type: Plugin | Vulnerable versions: = 3.1.13 | Fixed in: 3.1.14 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-0983 | Patch priority: Low | CVSS severity: Low (4.3) | PSID: 3893271a34ec | Credits: Frances...

CVSS 4.3 | AI score 6.5 | EPSS 0.00372
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/02/12 12:0 a.m. | 12 views

WordPress ImageRecycle pdf & image compression Plugin <= 3.1.13 is vulnerable to Cross Site Request Forgery (CSRF)

Software: ImageRecycle pdf & image compression | Type: Plugin | Vulnerable versions: = 3.1.13 | Fixed in: 3.1.14 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-1336 | Patch priority: Low | CVSS severity: Low (4.3) | PSID: a40a0d1defb3 | Credi...

CVSS 4.3 | AI score 6.6 | EPSS 0.00208
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/02/12 12:0 a.m. | 18 views

WordPress ImageRecycle pdf & image compression Plugin <= 3.1.13 is vulnerable to Broken Access Control

Software: ImageRecycle pdf & image compression | Type: Plugin | Vulnerable versions: = 3.1.13 | Fixed in: 3.1.14 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-0984 | Patch priority: Low | CVSS severity: Low (4.3) | PSID: 35a4c2f10086 | Credits: Frances...

CVSS 4.3 | AI score 6.5 | EPSS 0.00372
Exploits: 0 | References: 3 | Affected Software: 1
WPVulnDB
added 2024/02/07 12:0 a.m. | 17 views

ImageRecycle pdf & image compression < 3.1.14 - Cross-Site Request Forgery to Settings Update in stopOptimizeAll

Description: The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOptimizeAll function. This makes it possible for unauthenticated...

CVSS 4.3 | AI score 6.6 | EPSS 0.00208
Exploits: 0 | References: 1 | Affected Software: 1
WPVulnDB
added 2024/02/07 12:0 a.m. | 11 views

ImageRecycle pdf & image compression < 3.1.14 - Cross-Site Request Forgery to Settings Update in enableOptimization

Description: The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the enableOptimization function. This makes it possible for unauthenticated...

CVSS 4.3 | AI score 6.6 | EPSS 0.00246
Exploits: 0 | References: 1 | Affected Software: 1
WPVulnDB
added 2024/02/07 12:0 a.m. | 15 views

ImageRecycle pdf & image compression < 3.1.14 - Missing Authorization to Settings Update in stopOptimizeAll

Description: The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stopOptimizeAll function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...

CVSS 4.3 | AI score 6.6 | EPSS 0.00347
Exploits: 0 | References: 1 | Affected Software: 1
Github Security Blog
added 2024/02/03 12:18 a.m. | 11 views

Nervos CKB Panic on malformed input

Impact: The CKB process will panic when it receives a malformed p2p message because of snappy, which is used to compress network messages. References: https://github.com/BurntSushi/rust-snappy/issues/29...

AI score 7.1
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2024/02/03 12:18 a.m. | 13 views

GHSA-WJXC-PJX9-4WVM Nervos CKB Panic on malformed input

Impact: The CKB process will panic when it receives a malformed p2p message because of snappy, which is used to compress network messages. References: https://github.com/BurntSushi/rust-snappy/issues/29...

AI score 7.1
Exploits: 0 | References: 1
Filippo.io
added 2024/01/30 5:48 p.m. | 24 views

Post-quantum Cryptography for the Go Ecosystem

filippo.io/mlkem768 is a pure-Go implementation of ML-KEM-768 optimized for correctness and readability. ML-KEM (formerly known as Kyber, renamed because we can't have nice things) is a post-quantum key exchange mechanism in the process of being standardized by NIST and adopted by most of the...

AI score 6.7
Exploits: 0
Gentoo Linux
added 2024/01/15 12:0 a.m. | 31 views

zlib: Buffer Overflow

Background: zlib is a widely used free and patent unencumbered data compression library. Description: A vulnerability has been discovered in zlib. Please review the CVE identifier referenced below for details. Impact: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffe...

CVSS 9.8 | AI score 7.8 | EPSS 0.02918
Exploits: 0
Veracode
added 2024/01/10 10:1 a.m. | 59 views

Denial Of Service (DoS)

Microsoft.IdentityModel.JsonWebTokens and System.IdentityModel.Tokens.Jwt are vulnerable to Denial Of Service (DoS). The vulnerability is caused by improper JWT compression checks, which results in resource exhaustion due to processing of a malicious JSON Web Encryption (JWE) token. Successful exploitation...

CVSS 6.8 | AI score 7 | EPSS 0.02868
Exploits: 0 | References: 2 | Affected Software: 6
Snyk
added 2024/01/09 6:28 p.m. | 1 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling by processing JSON Web Encryption (JWE) tokens with a high compression ratio. An attacker can cause excessive memory allocation and processing time during decompression, leading to a...

CVSS 6.8 | AI score 6.5 | EPSS 0.02868
Exploits: 0 | References: 2
Veracode
added 2024/01/09 6:46 a.m. | 9 views

Timing Attack

github.com/cloudflare/circl is vulnerable to Timing Attack. The vulnerability is caused by arithmetic operations during ciphertext compression which leak sensitive timing information. An attacker can learn parts of the secret key by exploiting this vulnerability brute force...

AI score 6.9
Exploits: 0
NCSC
added 2024/01/08 12:0 a.m. | 7 views

Vulnerabilities fixed in IBM DB2

IBM has fixed vulnerabilities in several DB2 products such as DB2, DB2 for Cloud Pak and Web Query for i. A malicious party could exploit the vulnerabilities to grant himself locally elevated privileges and thus execute arbitrary code with potentially privilege...

CVSS 9.8 | AI score 7.8 | EPSS 0.51733
Exploits: 9
OSV
added 2023/12/29 10:5 a.m. | 24 views

SUSE-RU-2023:4991-1 Recommended update for mariadb104

This update for mariadb104 fixes the following issues: - Implement version 10.4 of MariaDB jscPED-2455: It is possible to use more than one authentication plugin for each user account. The root user account is being created with the ability to use two authentication plugins. All user accounts,...

CVSS 10 | AI score 7.5 | EPSS 0.6773
Exploits: 104 | References: 419
Citrix
added 2023/12/21 12:0 a.m. | 5 views

NetScaler ns.log Files not Compressed NSCALLHOME-252

Issue : ns.log Files not Compressed root@ns cat /etc/newsyslog.conf | grep ns.log /var/log/ns.log 600 25 $D00 Z...

AI score 7.1
Exploits: 0
Prion
added 2023/12/07 4:15 a.m. | 26 views

Integer overflow

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address duri...

CVSS 1.7 | AI score 7.1 | EPSS 0.01858
Exploits: 1 | References: 5 | Affected Software: 1
Veracode
added 2023/11/28 8:56 a.m. | 16 views

Heap-Based Buffer Overflow

capnproto:sid is vulnerable to Heap-based buffer overflow. The vulnerability due to misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325 and WebSocket compression enabled, a malicious peer may be able to cause a buffer underrun on a heap-allocated buffer. It leads to allow an...

CVSS 9.8 | AI score 7 | EPSS 0.01888
Exploits: 1 | References: 4 | Affected Software: 1