6674 matches found

Code423n4
added 2024/01/08 12:0 a.m. · 12 views

Pausing the GuardCM does not work because the governorCheckProposalId is never set

Lines of code Vulnerability details Impact Since the governorCheckProposalId of the proposal to check the activity of the governance is never set in GuardCM, the CM can never pause GuardCM, even if the governance is inactive. This will result in a stagnation of the protocol since no significant...

7.2 AI score
Exploits: 0

Vulnrichment
added 2024/01/07 6:58 p.m. · 18 views

CVE-2023-47145 IBM Db2 for Windows privilege escalation

IBM Db2 for Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402...

8.4 CVSS · 8 AI score · 0.00027 EPSS
Exploits: 0 · References: 3

UbuntuCve
added 2024/01/05 5:15 p.m. · 22 views

CVE-2023-34328

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...

5.5 CVSS · 6.5 AI score · 0.00113 EPSS
Exploits: 0 · References: 2

CNNVD
added 2024/01/05 12:0 a.m. · 3 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS. Successful exploitation of this vulnerability may result in abnormal functionality...

7.5 CVSS · 6.7 AI score · 0.00063 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2024/01/02 8:37 a.m. · 60 views

Important: Red Hat Security Advisory: xorg-x11-server security update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

7.8 CVSS · 6.7 AI score · 0.01208 EPSS
Exploits: 0 · References: 3

OSV
added 2023/12/23 8:15 p.m. · 12 views

CVE-2023-49594

An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. A user logging into Keycloak using DuoUniversalKeycloakAuthenticator plugin...

6.5 CVSS · 6.3 AI score
Exploits: 0 · References: 3

Cvelist
added 2023/12/23 8:4 p.m. · 13 views

CVE-2023-49594

An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. A user logging into Keycloak using DuoUniversalKeycloakAuthenticator plugin...

4.5 CVSS · 6.4 AI score · 0.00103 EPSS
Exploits: 1 · References: 2

Tenable Nessus
added 2023/12/23 12:0 a.m. · 17 views

GLSA-202312-11 : SABnzbd: Remote Code Execution

The remote host is affected by the vulnerability described in GLSA-202312-11 SABnzbd: Remote Code Execution - SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the...

9.8 CVSS · 9.1 AI score · 0.0385 EPSS
Exploits: 0 · References: 3

Code423n4
added 2023/12/21 12:0 a.m. · 9 views

Signature Verification for voteForManyWithSig Function

Lines of code Vulnerability details Potential Risk: The voteForManyWithSig function in the CultureIndex contract allows users to vote on multiple pieceIds using a provided signature. While it attempts to verify the signature, there are some potential risks associated with signature verification...

7.4 AI score
Exploits: 0

OPENSUSE Linux
added 2023/12/20 12:0 a.m. · 4 views

Security update for putty (important)

openSUSE Security Update: Security update for putty Announcement ID: openSUSE-SU-2023:0411-1 Rating: important References: 1218128 Cross-References: CVE-2023-48795 CVSS scores: CVE-2023-48795 SUSE: 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: openSUSE Backports SLE-15-SP5 A...

5.9 CVSS · 6.9 AI score · 0.52998 EPSS
Exploits: 4 · References: 1

OSV
added 2023/12/19 9:15 p.m. · 3 views

CVE-2023-48738

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Porto Theme Porto Theme - Functionality. This issue affects Porto Theme - Functionality: from n/a before 2.12.1...

9.8 CVSS · 7.3 AI score
Exploits: 0 · References: 1

NVD
added 2023/12/19 9:15 p.m. · 9 views

CVE-2023-48738

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Porto Theme Porto Theme - Functionality. This issue affects Porto Theme - Functionality: from n/a before 2.12.1...

9.8 CVSS · 0.00154 EPSS
Exploits: 0 · References: 1

Cvelist
added 2023/12/19 8:47 p.m. · 19 views

CVE-2023-48738 WordPress Porto Theme - Functionality Plugin < 2.12.1 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Porto Theme Porto Theme - Functionality. This issue affects Porto Theme - Functionality: from n/a before 2.12.1...

9.3 CVSS · 10 AI score · 0.00154 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2023/12/19 8:47 p.m. · 14 views

CVE-2023-48738 WordPress Porto Theme - Functionality Plugin < 2.12.1 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Porto Theme Porto Theme - Functionality. This issue affects Porto Theme - Functionality: from n/a before 2.12.1...

9.3 CVSS · 7.6 AI score · 0.00154 EPSS
Exploits: 0 · References: 1

CVE
added 2023/12/19 8:47 p.m. · 77 views

CVE-2023-48738

CVE-2023-48738 affects the Porto Theme – Functionality plugin for WordPress. The vulnerability is an SQL Injection caused by improper neutralization of specific elements, exploitable by an unauthenticated attacker. The issue applies to Porto Theme – Functionality versions before 2.12.1. Impact is...

9.8 CVSS · 8.9 AI score · 0.00154 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2023/12/19 12:30 p.m. · 10 views

GHSA-67GV-XRW7-P72W Phpsysinfo Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file. Phpsysinfo 3.4.3 disables the functionality by default but the users may enable the vulnerable functionality...

6.5 CVSS · 6.1 AI score · 0.00284 EPSS
Exploits: 1 · References: 5

Prion
added 2023/12/19 12:15 a.m. · 17 views

Authorization

Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Delete Duplicate Posts: from n/a through 4.8.9...

7.5 CVSS · 7.1 AI score · 0.00125 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/12/19 12:0 a.m. · 1 views

PT-2023-29848 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions up to and including 2.1.2 Apache Superset versions 3.0.0, 3.0.1 Description: Uncontrolled resource consumption can be triggered by an authenticated attacker that uploads a malicious ZIP to import database, dashboards,...

6.5 CVSS · 7.1 AI score · 0.00592 EPSS
Exploits: 0 · References: 20

Positive Technologies
added 2023/12/18 12:0 a.m. · 3 views

PT-2023-30507 · Unknown · Mahlamusa Who Hit The Page – Hit Counter

Name of the Vulnerable Software and Affected Versions: Mahlamusa Who Hit The Page – Hit Counter versions 1.4.14.3 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injectio...

7.6 CVSS · 7.2 AI score · 0.0014 EPSS
Exploits: 0 · References: 8

NVD
added 2023/12/16 11:15 p.m. · 8 views

CVE-2023-6885

A vulnerability was found in Tongda OA 2017 up to 11.10. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/vote/manage/delete.php. The manipulation of the argument DELETESTR leads to sql injection. The exploit has been disclosed to th...

9.8 CVSS · 0.00057 EPSS
Exploits: 1 · References: 3