218 matches found
WordPress Plugin CMP Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
The vulnerability of the CmpUserMgr component in the Codesys industrial automation software suite allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the CmpUserMgr component in the Codesys industrial automation software suite is related to the use of an unreliable cryptographic algorithm. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
AZL-31144 CVE-2023-2650 affecting package edk2 for versions less than 20230301gitf80f052277c8-37
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
CVE-2023-2650
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
CVE-2023-2650 Possible DoS translating ASN.1 object identifiers
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
cmp-fibalite.com Cross Site Scripting vulnerability OBB-3363773
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar arithmetic
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...
WordPress CMP – Coming Soon & Maintenance Plugin <= 4.1.7 is vulnerable to Bypass Vulnerability
Software: CMP – Coming Soon & Maintenance; Type: Plugin; Vulnerable versions: <= 4.1.7; Fixed in: 4.1.8; OWASP Top 10: A2: Broken Authentication; Classification: Bypass Vulnerability; CVE: CVE-2023-2159; Patch priority: Low; CVSS severity: Low (5.3); PSID: e2c725a8a335; Credits: Marco Wotschka...
CMP – Coming Soon & Maintenance < 4.1.8 - Maintenance Mode Bypass
The plugin does not properly secure maintenance mode, allowing users to bypass it by using a correct cmpbypass GET parameter in the URL...
PT-2023-4171 · Schneider Electric +1 · Schneider Electric +1
Name of the Vulnerable Software and Affected Versions: CODESYS (affected versions not specified); Schneider Electric (affected versions not specified). Description: The issue is related to a stack-based out-of-bounds write vulnerability in the CmpTraceMgr component. This vulnerability can be exploited ...
PT-2023-4347 · 3S Smart Software Solutions · Codesys
Name of the Vulnerable Software and Affected Versions: CODESYS products (affected versions not specified). Description: The issue is related to an Improper Restriction of Operations within the Bounds of a Memory Buffer, which can be exploited by an authenticated, remote attacker to force a...
Fedora 37 : netconsd (2023-88629e9585)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-88629e9585 advisory. Update to 0.2 to address CVE-2023-28753; Fixes: RHBZ2181655. Tenable has extracted the preceding description block directly from the Fedora security advisory...
WordPress CMP - Coming Soon & Maintenance Plugin < 4.1.7 Information Disclosure Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:niteothemes:cmp"; if(description)...
WordPress CMP – Coming Soon & Maintenance Plugin <= 4.1.6 is vulnerable to Sensitive Data Exposure
Software: CMP – Coming Soon & Maintenance; Type: Plugin; Vulnerable versions: <= 4.1.6; Fixed in: 4.1.7; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-1263; Patch priority: Low; CVSS severity: Low (5.3); PSID: 7aa91bb177d3; Credits: Marco...
CVE-2023-1263
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even wh...
Information disclosure
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even wh...
CVE-2023-1263 CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.6 - Information Exposure
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even wh...
CVE-2023-1263
CVE-2023-1263 affects the WordPress plugin CMP – Coming Soon & Maintenance (by NiteoThemes) ≤ 4.1.6. The vulnerability allows unauthenticated users to view contents of non-password-protected, published posts/pages while maintenance mode is enabled, via the cmp_get_post_detail function. Root cause...