CVE-2023-32800
CVE-2023-32800 affects WordPress Rank Math SEO PRO <= 3.0.36. Public sources (Patchstack) confirm patched in 3.0.36; CVSS details vary across sources (Patchstack lists 7.1, NVD lists 6.1).
WordPress plugin Rank Math SEO Pro cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2023-24033 · WordPress · One Rank Math Seo Pro
Name of the Vulnerable Software and Affected Versions: One Rank Math SEO PRO plugin versions <= 3.0.35 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing the...
WordPress Rank Math SEO PRO Plugin <= 3.0.35 is vulnerable to Cross Site Scripting (XSS)
Software: Rank Math SEO PRO. Type: Plugin. Vulnerable versions: <= 3.0.35. Fixed in: 3.0.36. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2023-32800. Patch priority: Medium. CVSS severity: Medium 7.1. Developer: Claim ownership. PSID: 436b3db030cf. Credits: Rafie Muhamma...
If, as a result of the calculation, _tokenCount = 0, then this may lead to incorrect execution of the _mint function: _mint(_data, _tokenCount).
Lines of code Vulnerability details Impact If the payParams function receives null values in data, then uint256 tokenCount = PRBMath.mulDiv(data.amount.value, data.weight, 10**18) may result in a null value. Proof of Concept If, as a result of the calculation, tokenCount = 0, then this may lead to...
Invalid conversion uint256 -> int256
Lines of code Vulnerability details Impact Invalid conversion uint256 -> int256 in pool.swap.... The number may be incorrectly converted: uint256 data.amount.value -> int256 amountSpecified. As a result, number truncation may occur. Proof of Concept type(uint256).max =...
Moderate: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update
Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability...
ALSA-2023:2758 Moderate: container-tools:rhel8 security, bug fix, and enhancement update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions CVE-2022-1962 golang:...
Incorrect calculation of the total tokens to be seized because of the difference in the scale of magnitude of the prices of the underlying assets
Lines of code Vulnerability details Impact The total number of tokens to be seized could be wrongly calculated if the underlying assets of vTokenBorrowed & vTokenCollateral have different decimals. Proof of Concept The price returned by the ChainlinkOracle contract of the Venus Protocol, the...
Potential Division by Zero in utilizationRate method
Lines of code Vulnerability details Impact In the case where cash + borrows - reserves equals 0, the function would try to divide by zero which will result in a runtime error. Proof of Concept An attacker might manipulate the state of the contract to where cash + borrows - reserves equals zero...
Incorrect decimal handling in _startAuction, resulting in wrong auction.startBidBps
Lines of code Vulnerability details Shortfall.startAuction uses the oracle price of the underlying tokens to price the pool bad debt: Shortfall.sol 389: for uint256 i; i the price returned by priceOracle.getUnderlyingPrice has a number of decimals equal to 36 - vToken decimals. This means the...
RHEL 9 : git-lfs (RHSA-2023:2357)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:2357 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while...
RHEL 9 : butane (RHSA-2023:2193)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:2193 advisory. Butane translates human-readable Butane Configs into machine-readable Ignition configs for provisioning operating systems that use Ignition...
RHEL 9 : toolbox (RHSA-2023:2236)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2236 advisory. Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman...
Moderate: Red Hat Security Advisory: git-lfs security and bug fix update
An update for git-lfs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
ALSA-2023:2236 Moderate: toolbox security and bug fix update
Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fixes: golang: net/http: handle server errors after sending GOAWAY CVE-2022-27664 golang:...
Moderate: toolbox security and bug fix update
Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fixes: golang: net/http: handle server errors after sending GOAWAY CVE-2022-27664 golang:...
mathfunworksheets.com Cross Site Scripting vulnerability OBB-3256485
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...