352 matches found
CVE-2023-7202
The Fatal Error Notify WordPress plugin before 1.5.3 does not have authorisation and CSRF checks in its testerror AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF...
Cross site request forgery (csrf)
The Fatal Error Notify WordPress plugin before 1.5.3 does not have authorisation and CSRF checks in its testerror AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF...
CVE-2023-7202 Fatal Error Notify < 1.5.3 - Subscriber+ Test Error Email Sending
The Fatal Error Notify WordPress plugin before 1.5.3 does not have authorisation and CSRF checks in its testerror AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF...
CVE-2023-7202
CVE-2023-7202 affects the Fatal Error Notify WordPress plugin prior to 1.5.3. The root cause is missing authorization checks and CSRF protections in the test_error AJAX action, enabling any authenticated user (e.g., a Subscriber) to trigger error emails to the site admin. This also enables CSRF e...
WordPress Plugin Fatal Error Notify Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...
PT-2024-15227 · WordPress · Fatal Error Notify
Name of the Vulnerable Software and Affected Versions: Fatal Error Notify WordPress plugin versions prior to 1.5.3 Description: The issue affects the test error AJAX action in the Fatal Error Notify WordPress plugin, which lacks authorisation and CSRF checks. This allows any authenticated users,...
CVE-2023-52454
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmettcpbuildpduiovec. Unable to handle kernel NULL pointer dereference a...
DEBIAN-CVE-2023-52454
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmettcpbuildpduiovec. Unable to handle kernel NULL pointer dereference a...
Null pointer dereference
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmettcpbuildpduiovec. Unable to handle kernel NULL pointer dereference a...
CVE-2023-52454 nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmettcpbuildpduiovec. Unable to handle kernel NULL pointer dereference a...
CVE-2023-52454 nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmettcpbuildpduiovec. Unable to handle kernel NULL pointer dereference a...
CVE-2023-52454 nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmettcpbuildpduiovec. Unable to handle kernel NULL pointer dereference a...
DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Jira Software Data Center and Server
This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, and 9.12.0 of Jira Software Data Center and Server. This org.xerial.snappy:snappy-java...
WordPress Fatal Error Notify Plugin < 1.5.3 is vulnerable to Broken Access Control
Software Fatal Error Notify Type Plugin Vulnerable versions 1.5.3 Fixed in 1.5.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-7202 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 55ba4f7fb253 Credits Dmitrii Ignatyev Required...
Fatal Error Notify < 1.5.3 - Subscriber+ Test Error Email Sending
Description The plugin does not have authorisation and CSRF checks in its testerror AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF PoC As a subscriber, open...
golang: net/http: handle server errors after sending GOAWAY
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...
DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Bitbucket Data Center and Server
This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 7.21.0, 8.9.0 and 8.13.0 of Bitbucket Data Center and Server. This org.xerial.snappy:snappy-java Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Medium: containerd
Issue Overview: In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. CVE-2022-27664 Affected Packages: containerd Note: This advisory is applicable to...
golang: net/http: handle server errors after sending GOAWAY
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...
CVE-2023-43642 Missing upper bound check on chunk length in snappy-java
snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service DoS attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverab...