
1613 matches found

Patchstack
added 2023/03/30 12:0 a.m., 7 views

WordPress Custom More Link Complete Plugin <= 1.4.1 is vulnerable to Cross Site Scripting (XSS)

Software: Custom More Link Complete. Type: Plugin. Vulnerable versions: = 1.4.1. Fixed in: N/A. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2023-23788. Patch priority: Low. CVSS severity: Low (5.9). Developer: Claim ownership. PSID: 583ecb11a619. Credits: Rio Darmawan...

5.9 CVSS, 5.8 AI score, 0.00369 EPSS
Exploits 0, References 1, Affected Software 1
NVD
added 2023/03/23 5:15 p.m., 22 views

CVE-2023-20035

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficient input validation by the system CLI. An attacker with privileges to run commands could exploit...

7.8 CVSS, 8 AI score, 0.00222 EPSS
Exploits 0, References 1
Rapid7 Blog
added 2023/03/23 3:42 p.m., 20 views

Reduce Risk and Regain Control with Cloud Risk Complete

Over the last 10 to 15 years, organizations have been migrating to the cloud to take advantage of the speed and scale it enables. During that time, we’ve all had to learn that new cloud infrastructure means new security challenges, and that many legacy tools and processes are unable to keep up wi...

6.8 AI score
Exploits 0
Vulnrichment
added 2023/03/21 8:22 p.m., 9 views

CVE-2023-1168 Authenticated Remote Code Execution in Aruba CX Switches

An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switc...

7.2 CVSS, 8.8 AI score, 0.01141 EPSS
Exploits 0, References 1
Code423n4
added 2023/03/15 12:0 a.m., 6 views

share underflow in getPoolReward()

Lines of code Vulnerability details Impact It is important to draw attention to an issue that, while out of scope, can lead to a complete loss of funds on the contract and, therefore, seems significant. The configurePools function allows setting an arbitrary, unrestricted daoTax, which can result...

6.8 AI score
Exploits 0
Code423n4
added 2023/03/07 12:0 a.m., 11 views

ActivePool.sol – Re-entrancy risk on _rebalance function

Lines of code Vulnerability details The rebalance function is vulnerable to a reentrancy attack. Specifically, an external callee can take over the control flow of the function by calling back into the ActivePool contract via a method that triggers the rebalance function again before it completes...

7.1 AI score
Exploits 0
OSSF Malicious Packages
added 2023/03/06 12:35 a.m., 3 views

Malicious code in owa-fabric-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00c697ee4df7db1ed759f515b005aa747d8b25e658b91a7f744d69bbf1e8a99e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1
F5 Networks
added 2023/02/21 7:50 p.m., 50 views

K33522171: Multiple MySQL vulnerabilities

Security Advisory Description CVE-2020-14550 Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network...

7.1 CVSS, 5.1 AI score, 0.03514 EPSS
Exploits 0
F5 Networks
added 2023/02/21 7:0 p.m., 57 views

K10754336: MySQL vulnerabilities CVE-2019-2808, CVE-2019-2810, CVE-2019-2811, CVE-2019-2812, and CVE-2019-2814

Security Advisory Description CVE-2019-2808 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

6.5 CVSS, 4.8 AI score, 0.02085 EPSS
Exploits 0
F5 Networks
added 2023/02/21 7:0 p.m., 37 views

K04327352: Multiple MySQL data manipulation language vulnerabilities

Security Advisory Description CVE-2017-3634 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DML. Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network acces...

6.5 CVSS, 6.2 AI score, 0.03225 EPSS
Exploits 0
F5 Networks
added 2023/02/21 6:59 p.m., 74 views

K10107360: Apache Tomcat vulnerability CVE-2019-12418

Security Advisory Description When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a...

7 CVSS, 7.2 AI score, 0.01221 EPSS
Exploits 0
F5 Networks
added 2023/02/21 6:52 p.m., 33 views

K21512823: MySQL vulnerabilities CVE-2018-2645, CVE-2018-2646, CVE-2018-2647, CVE-2018-2665, and CVE-2018-2667

Security Advisory Description CVE-2018-2645 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Performance Schema. Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with...

7.5 CVSS, 6.7 AI score, 0.03979 EPSS
Exploits 0
F5 Networks
added 2023/02/21 6:31 p.m., 31 views

K66851119: F5 TMUI XSS vulnerability CVE-2021-22994

Security Advisory Description Undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. This vulnerability is due to an incomplete fix for CVE-2020-5948. CVE-2021-22994 Impa...

6.1 CVSS, 6 AI score, 0.00581 EPSS
Exploits 0, Affected Software 14
SUSE CVE
added 2023/02/15 5:47 a.m., 1 views

SUSE CVE-2012-1975

Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of servic...

10 CVSS, 9.3 AI score, 0.05613 EPSS
Exploits 0, References 7
SUSE CVE
added 2023/02/15 4:29 a.m., 2 views

SUSE CVE-2018-8002

In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file...

8.8 CVSS, 9.3 AI score, 0.08458 EPSS
Exploits 5, References 3
SUSE CVE
added 2023/02/15 3:47 a.m., 1 views

SUSE CVE-2021-20275

A flaw was found in privoxy before 3.0.32. An invalid read of size two may occur in chunkedbodyiscomplete leading to denial of service...

7.5 CVSS, 7.1 AI score, 0.01953 EPSS
Exploits 0, References 5
SUSE CVE
added 2023/02/15 3:38 a.m., 2 views

SUSE CVE-2021-39698

In aiopollcompletework of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...

7.4 CVSS, 7.3 AI score, 0.00232 EPSS
Exploits 0, References 45
OSV
added 2023/02/13 5:34 p.m., 7 views

GSD-2023-1002021 io_uring/poll: add hash if ready poll request can't complete inline

io_uring/poll: add hash if ready poll request can't complete inline. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.7 by commit...

7.2 AI score
Exploits 0
Trend Micro Simply Security
added 2023/02/09 12:0 a.m., 6 views

Guide to Container Management on AWS

This article explores how services provided by Amazon Web Services enable better container management with simplicity, flexibility, and complete control...

2.9 AI score
Exploits 0
CNVD
added 2023/02/06 12:0 a.m., 16 views

Dell PowerScale OneFS Trust Management Issue Vulnerability

Dell PowerScale OneFS is an operating system from Dell (U.S.) that provides scale-out NAS. Dell PowerScale OneFS is vulnerable to a trust management issue, which could be exploited by an unauthenticated attacker to cause a complete system crash...

9.8 CVSS, 3.8 AI score, 0.00505 EPSS
Exploits 0, References 1