352 matches found
CVE-2023-4318 Herd Effects < 5.2.4 - Effect Deletion via CSRF
The Herd Effects WordPress plugin before 5.2.4 does not have CSRF checks when deleting its items, which could allow attackers to make logged-in admins delete arbitrary effects via a CSRF attack...
BELL-CVE-2020-27814 CVE-2020-27814 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2021-22924 CVE-2021-22924 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2017-5969 CVE-2017-5969 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2020-14147 CVE-2020-14147 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2017-7485 CVE-2017-7485 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2020-24119 CVE-2020-24119 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2019-6706 CVE-2019-6706 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2020-15389 CVE-2020-15389 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2023-28841 CVE-2023-28841 does not affect BellSoft software
Bulletin has no description...
MAL-2023-7955 Malicious code in frontend-effect (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f99fca2bf58d400b4cf4e469118f0ff61967c8a4e29d0ec247501cf57a978428 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Typing Effect Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS)
Software: Typing Effect. Type: Plugin. Vulnerable versions: <= 1.3.6. Fixed in: 1.3.7. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2023-40605. Patch priority: Low. CVSS severity: Low (6.5). PSID: 92bc3bb12d2e. Credits: yuyudhn. Required privileg...
InterchainTokenService.expressReceiveTokenWithData does not apply Check-Effect-Interaction mode
Lines of code. Vulnerability details. Impact: InterchainTokenService.expressReceiveTokenWithData does not apply the Check-Effect-Interaction pattern. In some edge cases, the caller can lose funds. Proof of Concept: The life cycle of sending token across chains contains 3 phases: //P1: launch on sourc...
MAL-2023-762 Malicious code in schema2x (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1cb19fe5d19843c87b53b0b52539cc74f919d82a31151b81159b41bd40b1467a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2016-5283
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized...
SUSE CVE-2019-8357
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference...
reentrancy in TimeswapV2Option.collect()
Lines of code. Vulnerability details. Impact: The collect function doesn't respect the check-effect-interaction pattern: if a param.data is provided, it makes an external call to the caller and, right after that, it updates the option short amount state. In the case if the caller calls back int...
CVE-2022-22738
Applying a CSS filter effect could have accessed out of bounds memory. This could have led to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
CVE-2022-20548
In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...