
1712 matches found

wpexploit
added 2023/10/27 12:0 a.m. · 157 views

WP Post Popup <= 3.7.3 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its inputs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Enter the following payload in the Close...

CVSS 4.8 · AI score 5 · EPSS 0.00089
Exploits: 2
OSV
added 2023/10/23 7:15 a.m. · 3 views

ALPINE-CVE-2023-45802

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

CVSS 5.9 · AI score 6.7 · EPSS 0.02793
Exploits: 1 · References: 1
OSV
added 2023/10/23 7:15 a.m. · 73 views

CVE-2023-45802

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

CVSS 5.9 · AI score 7.9
Exploits: 0 · References: 6
Prion
added 2023/10/23 7:15 a.m. · 37 views

Design/Logic Flaw

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

CVSS 2.6 · AI score 7.3 · EPSS 0.944
Exploits: 20 · References: 3 · Affected Software: 2
Debian CVE
added 2023/10/23 6:50 a.m. · 78 views

CVE-2023-45802

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

CVSS 5.9 · AI score 6.6 · EPSS 0.02793
Exploits: 1
RedhatCVE
added 2023/10/19 7:44 p.m. · 96 views

CVE-2023-45802

A flaw was found in mod_http2. When a HTTP/2 stream is reset (RST frame) by a client, there is a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connectio...

CVSS 7.5 · AI score 8 · EPSS 0.944
Exploits: 20 · References: 4
Vulnrichment
added 2023/10/04 6:57 p.m. · 9 views

CVE-2023-42448 Hydra's contestation period in head datum can be modified during Close transaction, allowing malicious participant to freely modify the contestation deadline

Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, the specification states that the contestation period in the datum of the UTxO at the head validator must stay unchanged as the state progresses from Open to Closed (Close transaction), but no such check appears to be...

CVSS 8.1 · AI score 6.9 · EPSS 0.00971
Exploits: 0 · References: 5
Cvelist
added 2023/10/04 6:57 p.m. · 10 views

CVE-2023-42448 Hydra's contestation period in head datum can be modified during Close transaction, allowing malicious participant to freely modify the contestation deadline

Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, the specification states that the contestation period in the datum of the UTxO at the head validator must stay unchanged as the state progresses from Open to Closed (Close transaction), but no such check appears to be...

CVSS 8.1 · AI score 8.1 · EPSS 0.00971
Exploits: 0 · References: 5
Positive Technologies
added 2023/10/04 12:0 a.m. · 1 views

PT-2023-28348 · Hydra · Hydra

Name of the Vulnerable Software and Affected Versions: Hydra versions prior to 0.13.0. Description: Hydra is the layer-two scalability solution for Cardano. The issue arises because the contestation period in the datum of the UTxO at the head validator must stay unchanged as the state progresses...

CVSS 8.1 · AI score 7.9 · EPSS 0.00971
Exploits: 0 · References: 9
Code423n4
added 2023/09/11 12:0 a.m. · 11 views

Attacker can extract value from pool by sandwiching herself at swapAll during close

Lines of code Vulnerability details Attacker can drain the lending pool by leveraging two facts: 1. swapAll allows 1% slippage 2. There is no Health Factor check after close. Alice and Bob are good friends, the steps are in one single tx: 1. Alice deposits 10000 USDT and borrows 7000$ worth of TR...

AI score 6.8
Exploits: 0
Positive Technologies
added 2023/09/11 12:0 a.m. · 2 views

PT-2023-9786

Name of the Vulnerable Software and Affected Versions: Waitress versions prior to 3.0.1. Description: The issue is related to the getpeername function in the Waitress WSGI server for Python. When a remote client closes the connection before Waitress has the opportunity to call getpeername, it fail...

CVSS 9.1 · AI score 6.5 · EPSS 0.01524
Exploits: 0 · References: 57
RedHat Linux
added 2023/09/04 4:0 p.m. · 2 views

Mozilla: Browsing Context potentially not cleared when closing Private Window

The Mozilla Foundation Security Advisory describes this flaw as: When checking if the Browsing Context had been discarded in HttpBaseChannel, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private...

CVSS 7.5 · AI score 7.1 · EPSS 0.00146
Exploits: 0 · References: 5
CNNVD
added 2023/08/30 12:0 a.m. · 1 views

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation. A security vulnerability exists in Mozilla Firefox, which originates from the possibility that the browsing environment may not be cleared when closing a private window under certain circumstances...

CVSS 7.5 · AI score 7.5 · EPSS 0.00146
Exploits: 0 · References: 13
CNNVD
added 2023/08/22 12:0 a.m. · 3 views

HDF Group HDF5 Buffer Error Vulnerability

HDF Group HDF5 is a suite of tools for managing and storing different types of data from HDF Group, USA. The product supports managing, manipulating, viewing and analyzing data and generating files in portable formats. A security vulnerability exists in HDF Group HDF5 version 1.10.4, which stems...

CVSS 8.8 · AI score 8.4 · EPSS 0.01246
Exploits: 1 · References: 2
RedHat Linux
added 2023/08/16 10:56 a.m. · 2 views

Undertow: Infinite loop in SslConduit during close

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates...

CVSS 7.5 · AI score 7.1 · EPSS 0.00567
Exploits: 0 · References: 5
ATTACKERKB
added 2023/08/15 8:15 p.m. · 1 views

CVE-2023-39841

Missing encryption in the RFID tag of Etekcity 3-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device...

CVSS 4.6 · AI score 5.8 · EPSS 0.00014
Exploits: 1 · References: 2
Code423n4
added 2023/08/07 12:0 a.m. · 8 views

Missing sanityCheckUnderlying Call in Certain Functions of OptionsPositionManager Contract

Lines of code Vulnerability details Bug Description In the OptionsPositionManager contract, there is a missing call to the sanityCheckUnderlying function at the beginning of the sellOptions and close functions. These functions involve interactions with option assets and underlying tokens. However...

AI score 6.8
Exploits: 0
Code423n4
added 2023/08/07 12:0 a.m. · 8 views

function rngComplete is unprotected

Lines of code Vulnerability details Impact The rngComplete is a function Called by the relayer to complete the Rng relay auction. However it has zero access control. Proof of Concept The function makes calls to the prizepool to close a draw, it also withdraws from a reserve. All these are done wi...

AI score 6.7
Exploits: 0
ATTACKERKB
added 2023/07/24 4:15 p.m. · 2 views

CVE-2023-32258

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this...

CVSS 8.1 · AI score 5.9 · EPSS 0.00107
Exploits: 0 · References: 5
OSV
added 2023/07/24 4:15 p.m. · 3 views

AZL-27763 CVE-2023-32258 affecting package kernel for versions less than 5.15.135.1-2

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this...

CVSS 8.1 · AI score 6.9 · EPSS 0.00107
Exploits: 0 · References: 1