1404 matches found
CVE-2022-36376
Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress...
Server side request forgery (ssrf)
Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress...
CVE-2022-36376
CVE-2022-36376 : A Server-Side Request Forgery (SSRF) vulnerability affects the WordPress Rank Math SEO plugin, versioned at or below 1.0.95. The issue is documented across multiple sources (NVD, OSV, patchstack, GitHub advisories). The core problem is an SSRF condition in Rank Math prior to a ne...
CVE-2022-36376 WordPress Rank Math SEO plugin <= 1.0.95 - Server-Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress...
CVE-2022-36376 WordPress Rank Math SEO plugin <= 1.0.95 - Server-Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress...
WordPress plugin Rank Math code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
PT-2022-23336 · WordPress · Rank Math Seo
Name of the Vulnerable Software and Affected Versions: Rank Math SEO plugin versions <= 1.0.95 Description: A Server-Side Request Forgery (SSRF) issue affects the Rank Math SEO plugin at WordPress, allowing for potential exploitation. SSRF is a type of attack where an attacker can trick a server int...
RHEL 8 : OpenShift Container Platform 4.11.0 (RHSA-2022:5068)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5068 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
RHEL 8 : Red Hat OpenShift Service Mesh 2.1.3 (RHSA-2022:5004)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5004 advisory. Red Hat OpenShift Service Mesh is a Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise...
Possible frontrunning attack in Vault.
Lines of code Vulnerability details Impact First depositor will have the control of the vault and drain user funds. Proof of Concept The project uses VaultAccount.sol library for math implementations. To determine the number of shares to mint to a depositor, shares = amount total.shares /...
Multiplication performed after division can truncate the results
Lines of code Vulnerability details Multiplication performed after division can truncate the results Impact Solidity could truncate the results, performing multiplication before division will prevent rounding/truncation in solidity math. Details This can affect variables such as slopes, interests...
Math operation, condition check with two different data values (uint256 with uint128 and so).
Lines of code Vulnerability details Impact It may lead to unexpected result during math operation and condition checks. Proof of Concept It is obvious that following lines of codes are written with two different data types. uint256 deltaTime = block.timestamp - currentRateInfo.lastTimestamp;...
Panic when decoding Float and Rat types in math/big
...
The toLocked.end >= fromLocked.end in delegate function is inconsistent with design.
Lines of code Vulnerability details Impact The condition of toLocked.end >= fromLocked.end in function delegate is inconsistent with design in veFDT Checkpoint Math Proof of Concept In VotingEscrow.sol. L589 require(toLocked.end >= fromLocked.end, "Only delegate to longer lock"); But In veFDT...
OESA-2022-1830 golang security update
The Go Programming Language Security Fixes: A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. References: https://go.dev/issue/53871...
Updated golang packages fix security vulnerability
A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. CVE-2022-32189...
Rank Math SEO < 1.0.95.1 - Unauthenticated SSRF
The plugin does not properly restrict access to some .htaccess blocked REST endpoints when the headless setting is enabled, which could allow unauthenticated attackers to perform SSRF attacks...
WordPress Rank Math SEO plugin <= 1.0.95 - Server-Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability was discovered by Rafie Muhammad aka Yeraisci (Patchstack Alliance) in the WordPress Rank Math SEO plugin versions <= 1.0.95. Solution: Update the WordPress WordPress SEO Plugin – Rank Math plugin to the latest available version (at least 1.0.95.1)...
AZL-10539 CVE-2022-32189 affecting package golang for versions less than 1.18.5-1
A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service...
DEBIAN-CVE-2022-32189
A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service...