CVE-2023-1207

This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability...

Oracle Linux 9 : kernel (ELSA-2023-2458)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2458 advisory. - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6streamops/inet6dgramops of...

RHEL 9 : kernel-rt (RHSA-2023:2148)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2148 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

CVE-2023-2667 SourceCodester Lost and Found Information System cross site scripting

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched...

PT-2023-20022 · Fetlife · Fetlife Rollout-Ui

Name of the Vulnerable Software and Affected Versions: Fetlife rollout-ui version 0.5 Description: The issue allows attackers to execute arbitrary code via a crafted URL to the delete a feature functionality. This is a Cross Site Scripting XSS vulnerability. Recommendations: For Fetlife rollout-u...

CVE-2023-25309

Cross Site Scripting XSS Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality...

Moderate: Red Hat Security Advisory: libtpms security update

An update for libtpms is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

May 9, 2023—Hotpatch KB5026456 (OS Build 20348.1724)

May 9, 2023—Hotpatch KB5026456 OS Build 20348.1724 Improvements and fixes This security update includes quality improvements. When you install this KB: This update makes miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release. If you...

ALSA-2023:2453 Moderate: libtpms security update

The libtpms is a library providing Trusted Platform Module TPM functionality for virtual machines. Security Fixes: tpm: TCG TPM2.0 implementations vulnerable to memory corruption CVE-2023-1017 tpm2: TCG TPM2.0 implementations vulnerable to memory corruption CVE-2023-1018 For more details about th...

MAX_WITHDRAWAL_DELAY_BLOCKS assumes that block time is always 12 seconds

Lines of code Vulnerability details Impact Block time may change in the future which may affect the protocol's withdrawal functionality. Proof of Concept StrategyManagerStorage.sol assumes a 12-second blocks timing. If the block time changes in the future the MAXWITHDRAWALDELAYBLOCKS of one week...

Zero address pauser assignment

Lines of code Vulnerability details Impact By allowing any address to be assigned as the pauser, the StrategyBase contract leaves itself vulnerable to losing critical functionality that controls token transfers in and out. Assigning a zero address would result in no valid pauser, preventing the...

Medium: libxml2

Issue Overview: parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. CVE-2017-16931 GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in...

Claiming of domains will likely be locked due to a bad check in _enableNode

Lines of code Vulnerability details Description DNS name claims all go through claim which calls enableNode, which calls enableNode. Nodes are enabled recursively, from the root downwards.The following check occurs in enableNode: node = keccak256abi.encodePackedparentNode, label; address owner =...

DNSRegistrar does not support domain trees which is key functionality for DNS

Lines of code Vulnerability details Description In DNS it is exceedingly common to have paths such as a.b.c or a.b.c.d. However, the DNSRegistrar fails to support it. enableNode verifies the parent domain is a valid public suffix. function enableNodebytes memory domain public returns bytes32 node...

CVE-2023-20870

VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine...

SUSE-SU-2023:2003-1 Security update for runc

This update for runc fixes the following issues: Update to runc v1.1.5: Security fixes: - CVE-2023-25809: Fixed rootless /sys/fs/cgroup is writable when cgroupns isn't unshared bnc1209884. - CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability bnc1208962. -...

CVE-2023-30458

A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid usernames. When one enters a valid username, the response time increases depending on the length of t...

HTTP Headers < 1.18.8 - Admin+ SQL Injection

This plugin has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability. PoC 1. Create an SQL file with the following contents: UPDATE wpoptions SET optionvalue = "Hacked" WHERE optionname = "blogname" 2. As an admin user within WP Admin,...

PT-2023-22703 · Unknown · Medicine Tracker System

Name of the Vulnerable Software and Affected Versions: Medicine Tracker System version 1.0 Description: A username enumeration issue was discovered in the login functionality, allowing a malicious user to guess a valid username due to a different response time from invalid usernames. When a valid...

CVE-2023-30458

A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid usernames. When one enters a valid username, the response time increases depending on the length of t...