
3628 matches found

Huntr
added 2023/06/11 8:40 a.m. · 16 views

IDOR in message deletion

Description: User can delete others' messages. We know the report https://huntr.dev/bounties/24ae402f-220f-41c6-962e-47c26938986e/, but we find that we do not fix one case. Proof of Concept: 1. user1 sends admin a greeting card1 2. user2 sends admin a greeting card2 3. user1 deletes his message related ...

CVSS 5.5 · AI score 7 · EPSS 0.00349
Exploits 1

ICS
added 2023/06/06 6:0 a.m. · 40 views

Delta Electronics CNCSoft-B DOPSoft

1. EXECUTIVE SUMMARY: CVSS v3 7.8; ATTENTION: Low attack complexity; Vendor: Delta Electronics; Equipment: CNCSoft-B DOPSoft; Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to...

CVSS 7.8 · AI score 8.6 · EPSS 0.00347
Exploits 0 · References 8

RedHat Linux
added 2023/06/05 6:55 p.m. · 6 views

golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...

CVSS 7.5 · AI score 6.6 · EPSS 0.04561
Exploits 0 · References 11

RedHat Linux
added 2023/06/05 6:54 p.m. · 37 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

CVSS 9.8 · AI score 6.7 · EPSS 0.04561
Exploits 0 · References 3

RedHat Linux
added 2023/06/05 4:47 p.m. · 4 views

golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...

CVSS 7.5 · AI score 6.6 · EPSS 0.04561
Exploits 0 · References 11

OSV
added 2023/06/04 12:15 a.m. · 12 views

CVE-2023-3091

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Captura up to 8.0.0. It has been declared as critical. This vulnerability affects unknown code in the library CRYPTBASE.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack i...

CVSS 7.8 · AI score 7.2
Exploits 0 · References 2

Prion
added 2023/06/04 12:15 a.m. · 18 views

Design/Logic Flaw

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Captura up to 8.0.0. It has been declared as critical. This vulnerability affects unknown code in the library CRYPTBASE.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack i...

CVSS 6 · AI score 7.6 · EPSS 0.00197
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2023/06/03 12:0 a.m. · 5 views

PT-2023-23040 · Unknown +1 · Cryptbase.Dll +1

Name of the Vulnerable Software and Affected Versions: Captura versions up to 8.0.0 Description: A critical vulnerability was found in Captura, affecting unknown code in the library CRYPTBASE.dll. The manipulation leads to an uncontrolled search path. Attacking locally is a requirement, and the...

CVSS 7.8 · AI score 7.1 · EPSS 0.00197
Exploits 0 · References 7

Wired Threat Level
added 2023/06/02 10:24 p.m. · 16 views

The Messy US Influence That’s Helping Iranians Stay Online

Newly announced sanctions against Iran-based Avaran Cloud underscore the complexity of crafting Washington’s internet freedom efforts...

AI score 7.1
Exploits 0

CNNVD
added 2023/06/02 12:0 a.m. · 4 views

coreBOS Authorization Issue Vulnerability

coreBOS is an open source commercial software package from JPL TSolucio capable of managing day-to-day business needs. A security vulnerability exists in versions prior to coreBOS 8 that stems from the ability to bypass password length and password complexity validation in the account password change feature...

CVSS 9.8 · AI score 7.4 · EPSS 0.00597
Exploits 1 · References 3

RedhatCVE
added 2023/05/26 5:10 p.m. · 26 views

CVE-2023-26485

A flaw was found in CommonMarker. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service...

CVSS 7.5 · AI score 6.8 · EPSS 0.01029
Exploits 1 · References 4

RedhatCVE
added 2023/05/26 5:10 p.m. · 111 views

CVE-2023-24824

A flaw was found in CommonMarker. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service...

CVSS 7.5 · AI score 6.8 · EPSS 0.01027
Exploits 1 · References 4

NVD
added 2023/05/25 9:15 p.m. · 19 views

CVE-2023-2900

A vulnerability was found in NFine Rapid Development Platform 20230511. It has been classified as problematic. Affected is an unknown function of the file /Login/CheckLogin. The manipulation leads to use of weak hash. It is possible to launch the attack remotely. The complexity of an attack is...

CVSS 7.5 · AI score 5.2 · EPSS 0.00654
Exploits 1 · References 3

CNNVD
added 2023/05/22 12:0 a.m. · 2 views

Apache InLong Security Vulnerability

Apache InLong is a one-stop massive data integration framework from the Apache Foundation in the United States. A security vulnerability exists in Apache InLong versions 1.1.0 through 1.6.0, which stems from the application not setting a complexity requirement for user passwords, and can be...

CVSS 9.8 · AI score 6.8 · EPSS 0.01233
Exploits 0 · References 2

OSV
added 2023/05/21 8:42 a.m. · 7 views

MGASA-2023-0181 Updated cmark packages fix security vulnerability

cmark incorrectly handled certain inputs. Fixes quadratic complexity in handleclosebracket "" which may lead to a denial of service CVE-2023-22486. Noting that this also fixes a quadratic parsing issue with repeated comment tags that was not in a released product but which was assigned a CVE...

CVSS 7.5 · AI score 7.4 · EPSS 0.01108
Exploits 2 · References 4

Mageia
added 2023/05/21 8:42 a.m. · 38 views

Updated cmark packages fix security vulnerability

cmark incorrectly handled certain inputs. Fixes quadratic complexity in handleclosebracket "" which may lead to a denial of service CVE-2023-22486. Noting that this also fixes a quadratic parsing issue with repeated comment tags that was not in a released product but which was assigned a CVE...

CVSS 7.5 · AI score 7.3 · EPSS 0.01108
Exploits 2 · References 3

Veracode
added 2023/05/17 8:56 a.m. · 18 views

Regular Expression Denial Of Service (ReDoS)

giturlparse is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists in giturlparser.py, which allows an attacker to send a payload in a URL that can cause an application crash due to inefficient regular expression complexity...

CVSS 7.5 · AI score 6.7 · EPSS 0.01033
Exploits 0 · References 7 · Affected Software 2

Code423n4
added 2023/05/11 12:0 a.m. · 10 views

Risk of Gas Limit Exceedance During Proposal Sorting

Lines of code Vulnerability details Impact The array of up to 10 proposals using the insertion sort algorithm in insertionSortProposalsByVotes function in the StandardFunding.sol contract but, if the number of proposals exceeds 10, the sorting process may cause the function to exceed the block ga...

AI score 6.9
Exploits 0

ICS
added 2023/05/09 12:0 a.m. · 38 views

Siemens Solid Edge

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 7.8 · AI score 6.4 · EPSS 0.00226
Exploits 0 · References 12

NVD
added 2023/05/02 1:15 p.m. · 52 views

CVE-2023-2473

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be...

CVSS 7.5 · AI score 5.3 · EPSS 0.00929
Exploits 0 · References 3