Lucene search
K

352 matches found

OSV
OSV
added 2024/02/27 9:15 a.m.4 views

CVE-2023-7202

The Fatal Error Notify WordPress plugin before 1.5.3 does not have authorisation and CSRF checks in its testerror AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF...

6.1CVSS7.3AI score0.00228EPSS
Exploits3References2
Prion
Prion
added 2024/02/27 9:15 a.m.13 views

Cross site request forgery (csrf)

The Fatal Error Notify WordPress plugin before 1.5.3 does not have authorisation and CSRF checks in its testerror AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF...

6.8AI score0.00228EPSS
Exploits3References2
Cvelist
Cvelist
added 2024/02/27 8:30 a.m.20 views

CVE-2023-7202 Fatal Error Notify < 1.5.3 - Subscriber+ Test Error Email Sending

The Fatal Error Notify WordPress plugin before 1.5.3 does not have authorisation and CSRF checks in its testerror AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF...

6.5AI score0.00228EPSS
Exploits3References2
CVE
CVE
added 2024/02/27 8:30 a.m.5679 views

CVE-2023-7202

CVE-2023-7202 affects the Fatal Error Notify WordPress plugin prior to 1.5.3. The root cause is missing authorization checks and CSRF protections in the test_error AJAX action, enabling any authenticated user (e.g., a Subscriber) to trigger error emails to the site admin. This also enables CSRF e...

6.1CVSS6.3AI score0.00228EPSS
Exploits3References2Affected Software1
CNNVD
CNNVD
added 2024/02/27 12:0 a.m.2 views

WordPress Plugin Fatal Error Notify Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

6.1CVSS6.4AI score0.00228EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2024/02/27 12:0 a.m.3 views

PT-2024-15227 · WordPress · Fatal Error Notify

Name of the Vulnerable Software and Affected Versions: Fatal Error Notify WordPress plugin versions prior to 1.5.3 Description: The issue affects the test error AJAX action in the Fatal Error Notify WordPress plugin, which lacks authorisation and CSRF checks. This allows any authenticated users,...

6.1CVSS9.2AI score0.00228EPSS
Exploits3References7
NVD
NVD
added 2024/02/23 3:15 p.m.21 views

CVE-2023-52454

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmettcpbuildpduiovec. Unable to handle kernel NULL pointer dereference a...

5.5CVSS6.1AI score0.00228EPSS
Exploits0References8
OSV
OSV
added 2024/02/23 3:15 p.m.2 views

DEBIAN-CVE-2023-52454

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmettcpbuildpduiovec. Unable to handle kernel NULL pointer dereference a...

5.5CVSS5.5AI score0.00228EPSS
Exploits0References1
Prion
Prion
added 2024/02/23 3:15 p.m.28 views

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmettcpbuildpduiovec. Unable to handle kernel NULL pointer dereference a...

7.3AI score0.00228EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/02/23 2:46 p.m.19 views

CVE-2023-52454 nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmettcpbuildpduiovec. Unable to handle kernel NULL pointer dereference a...

6.7AI score0.00228EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/02/23 2:46 p.m.29 views

CVE-2023-52454 nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmettcpbuildpduiovec. Unable to handle kernel NULL pointer dereference a...

6.4AI score0.00228EPSS
Exploits0References7
OSV
OSV
added 2024/02/23 2:46 p.m.5 views

CVE-2023-52454 nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmettcpbuildpduiovec. Unable to handle kernel NULL pointer dereference a...

5.5CVSS5.8AI score0.00228EPSS
Exploits0References11
Atlassian
Atlassian
added 2024/02/14 10:46 a.m.40 views

DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Jira Software Data Center and Server

This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, and 9.12.0 of Jira Software Data Center and Server. This org.xerial.snappy:snappy-java...

7.5CVSS9.9AI score0.01707EPSS
Exploits1
Patchstack
Patchstack
added 2024/01/31 12:0 a.m.7 views

WordPress Fatal Error Notify Plugin < 1.5.3 is vulnerable to Broken Access Control

Software Fatal Error Notify Type Plugin Vulnerable versions 1.5.3 Fixed in 1.5.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-7202 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 55ba4f7fb253 Credits Dmitrii Ignatyev Required...

6.1CVSS6.5AI score0.00228EPSS
Exploits3References4Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/30 12:0 a.m.15 views

Fatal Error Notify < 1.5.3 - Subscriber+ Test Error Email Sending

Description The plugin does not have authorisation and CSRF checks in its testerror AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF PoC As a subscriber, open...

9.1AI score0.00228EPSS
Exploits3References1Affected Software1
RedHat Linux
RedHat Linux
added 2024/01/10 11:36 a.m.3 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

7.5CVSS6.6AI score0.02607EPSS
Exploits0References6
Atlassian
Atlassian
added 2024/01/08 8:45 p.m.43 views

DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Bitbucket Data Center and Server

This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 7.21.0, 8.9.0 and 8.13.0 of Bitbucket Data Center and Server. This org.xerial.snappy:snappy-java Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.7AI score0.01762EPSS
Exploits1
Amazon
Amazon
added 2023/11/16 12:0 a.m.5 views

Medium: containerd

Issue Overview: In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. CVE-2022-27664 Affected Packages: containerd Note: This advisory is applicable to...

7.5CVSS6.9AI score0.02607EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/10/31 2:6 p.m.4 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

7.5CVSS6.6AI score0.02607EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/09/25 7:3 p.m.39 views

CVE-2023-43642 Missing upper bound check on chunk length in snappy-java

snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service DoS attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverab...

7.5CVSS7.6AI score0.0104EPSS
Exploits1References2
Rows per page
Query Builder