10511 matches found
CVE-2023-2715
CVE-2023-2715 concerns the Groundhogg WordPress plugin. Public records show vulnerable versions up to 2.7.9.8 where a missing capability check in the submit_ticket function can allow an authenticated user to modify data or create an admin account via a ticket that includes site data and a login l...
CVE-2023-2715 Groundhogg <= 2.7.9.8 - Missing Authorization to Admin Account and Ticket Creation
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's...
PT-2023-20979 · WordPress · Groundhogg
Name of the Vulnerable Software and Affected Versions: Groundhogg plugin for WordPress versions up to, and including, 2.7.9.8. Description: The issue allows unauthorized access and modification of data due to a missing capability check on the ajax upload file function. This enables authenticated...
CVE-2022-47984
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163...
buildah: possible information disclosure and modification
Incorrect handling of supplementary groups in the Buildah container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able t...
mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2023)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
mysql: InnoDB unspecified vulnerability (CPU Jan 2023)
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...
podman: possible information disclosure and modification
Incorrect handling of supplementary groups in the Podman container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to...
CentOS 8 : container-tools:4.0 (CESA-2023:2802)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:2802 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling i...
Rockwell Automation ArmorStart ST Cross-Site Scripting Vulnerability (CNVD-2023-44292)
Rockwell Automation ArmorStart ST is a simple and cost-effective solution for machine-side control architectures from Rockwell Automation. A cross-site scripting vulnerability exists in Rockwell Automation ArmorStart ST, which can be exploited by an attacker to view and modify sensitive data or...
The vulnerability of the Connector/J driver for MySQL Connectors of the Oracle MySQL database management system allows a hacker to gain access to read, modify, add, or delete data.
The vulnerability of the Connector/J driver for MySQL Connectors of the Oracle Database Management System exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to remotely gain access to read, modify, add, or delete data...
The vulnerability of the Libraries component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Libraries component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to modify, add, ...
The vulnerability of the Routing Hub sub-component of the Oracle Banking Virtual Account Management component in the banking analytics system of the Oracle Financial Services Applications allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the Routing Hub subcomponent of the Oracle Banking Virtual Account Management component in the banking analytics system of the Oracle Financial Services Applications is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to...
The vulnerability of the Libraries component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Libraries component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to modify, add, ...
The vulnerability of the Native Image component in the Oracle GraalVM Enterprise Edition virtual machine allows a hacker to gain access to modify, add, or delete data.
The vulnerability of the Native Image component in the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to modify, add, or delete data...
The vulnerability of the SMS Module component of the Oracle Banking Virtual Account Management component of the banking analytics system’s simulation model, Oracle Financial Services Applications, allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the SMS Module component of the Oracle Banking Virtual Account Management component of the banking analytics system’s simulation model, Oracle Financial Services Applications, is related to insufficient validation of entered data. Exploiting this vulnerability could allow an...
The vulnerability in the IPS repository of Oracle Solaris operating systems allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability in the IPS repository of Oracle Solaris operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to modify, add, or delete data...
The vulnerability in the DDL component of the MySQL Server database management system allows attackers to cause service failures or gain access to modify, add, or delete data.
The vulnerability in the DDL component of the MySQL Server database management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures or gain access to modify, add, or delete data...
CVE-2023-29031
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation...