102 matches found

Nuclei
added yesterday, 17 views

WordPress iQ Block Country <=1.2.11 - Cross-Site Scripting

WordPress iQ Block Country plugin 1.2.11 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and...

5.5 CVSS, 5.8 AI score, 0.01821 EPSS
Exploits: 0, References: 5
Nuclei
added yesterday, 41 views

WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting

WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php. id: CVE-2017-17059 info: name: WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress...

6.1 CVSS, 5.8 AI score, 0.0068 EPSS
Exploits: 1, References: 4
Nuclei
added yesterday, 24 views

Contact Form to DB by BestWebSoft < 1.5.7 - Cross-Site Scripting

The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues. id: CVE-2017-18492 info: name: Contact Form to DB by BestWebSoft 1.5.7 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The contact-form-to-db plugin before 1.5.7 for WordPress has multip...

6.1 CVSS, 6 AI score, 0.00104 EPSS
Exploits: 1, References: 4
Nuclei
added yesterday, 26 views

WordPress CTHthemes - Cross-Site Scripting

WordPress CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes contain reflected cross-site scripting vulnerabilities via a search query. id: CVE-2019-20210 info: name: WordPress CTHthemes - Cross-Site Scripting author: edoardottt severity: medium description: |...

6.1 CVSS, 5.9 AI score, 0.00382 EPSS
Exploits: 4, References: 5
CVE
added 2024/12/04 3:54 a.m., 59 views

CVE-2024-9404

CVE-2024-9404 concerns a DoS vulnerability in MOXA devices caused by insufficient input validation in the moxa_cmd service, leading to potential service disruption or crashes when exposed to networks. The initial CVE entry documents a high-severity impact with CVSS scores (3.1: 7.5/ HIGH and 4.0:...

8.7 CVSS, 6.2 AI score, 0.00062 EPSS
Exploits: 0, References: 3
The Hacker News
added 2024/09/12 3:55 p.m., 63 views

Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue, tracked as CVE-2024-6678, carries a CVSS score of 9.9 out of a maximum of 10.0 "An issue was discovered in...

10 CVSS, 7 AI score, 0.93426 EPSS
Exploits: 17
The Hacker News
added 2024/08/22 4:48 a.m., 42 views

GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges

GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be abused to gain site administrator privileges. The most severe of the shortcomings has been assigned the CVE identifier CVE-2024-6800, and carries a...

10 CVSS, 7.9 AI score, 0.03012 EPSS
Exploits: 0
HackRead
added 2023/04/01 7:13 p.m., 19 views

Zimbra email platform vulnerability exploited to steal European govt emails

By Deeba Ahmed Researchers have noted that attackers are targeting a medium-severity Zimbra vulnerability that the company patched in version 9.0.0 Patch 24, one year ago. This is a post from HackRead.com Read the original post: Zimbra email platform vulnerability exploited to steal European govt...

6.6 AI score
Exploits: 0
Rosalinux
added 2023/03/28 1:24 p.m., 29 views

Advisory ROSA-SA-2023-2135

Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21366 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC: An easily exploitable vulnerability allows an unauthorized attacker with network access through multiple protocols to compromise Oracle Java S...

5.3 CVSS, 5.5 AI score, 0.05612 EPSS
Exploits: 0
Code423n4
added 2022/04/06 12:0 a.m., 8 views

setMinter() in vcon.sol missing important checks can lead to loss of minting ability

Lines of code Vulnerability details Impact The setMinter function in Vcon.sol lacks both zero address checks and a proper ownership transfer pattern. I am submitting this as a medium-severity issue separate from similar low-severity instances due to this example's effect on the entire protocol. I...

6.9 AI score
Exploits: 0
Wordfence Blog
added 2022/03/11 4:0 p.m., 69 views

WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities

Last night, just after 6pm Pacific time, on Thursday March 10, 2022, the WordPress core team released WordPress version 5.9.2, which contains security patches for a high-severity vulnerability as well as two medium-severity issues. The high-severity issue affects version 5.9.0 and 5.9.1 and allow...

6.5 CVSS, 0.3 AI score, 0.07286 EPSS
Exploits: 2
ossfuzz
added 2020/10/22 6:24 p.m., 15 views

libyal:libfshfs_volume_fuzzer: Heap-buffer-overflow in libfshfs_catalog_btree_file_get_directory_entry_from_leaf_node_by_thread_record

Detailed Report: https://oss-fuzz.com/testcase?key=6246736336781312 Project: libyal Fuzzing Engine: honggfuzz Fuzz Target: libfshfsvolumefuzzer Job Type: honggfuzzasanlibyal Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x61c000000774 Crash State:...

6.8 AI score
Exploits: 0, Affected Software: 1
ossfuzz
added 2020/08/18 10:53 a.m., 16 views

harfbuzz:hb-subset-fuzzer: Use-of-uninitialized-value in bool OT::OffsetTo<OT::VariationStore, OT::IntType<unsigned int, 4u>, true>::seri

Project: https://github.com/harfbuzz/harfbuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5137462782066688 Project: harfbuzz Fuzzing Engine: libFuzzer Fuzz Target: hb-subset-fuzzer Job Type: libfuzzermsanharfbuzz Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address:...

6.8 AI score
Exploits: 0, Affected Software: 1
ossfuzz
added 2020/08/14 10:49 a.m., 13 views

sleuthkit:sleuthkit_fls_hfs_fuzzer: Heap-buffer-overflow in hfs_load_extended_attrs

Detailed Report: https://oss-fuzz.com/testcase?key=6246231400251392 Project: sleuthkit Fuzzing Engine: libFuzzer Fuzz Target: sleuthkitflshfsfuzzer Job Type: libfuzzerasansleuthkit Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x602000000358 Crash State:...

6.8 AI score
Exploits: 0, Affected Software: 1
ossfuzz
added 2020/07/15 10:51 a.m., 15 views

ots:ots-fuzzer: Use-of-uninitialized-value in ots::ParseConditionTable

Project: https://github.com/khaledhosny/ots.git Detailed Report: https://oss-fuzz.com/testcase?key=5640715984699392 Project: ots Fuzzing Engine: libFuzzer Fuzz Target: ots-fuzzer Job Type: libfuzzermsanots Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State:...

6.8 AI score
Exploits: 0, Affected Software: 1
ossfuzz
added 2020/07/06 8:35 a.m., 15 views

cryptofuzz:cryptofuzz-nss: Heap-buffer-overflow in Hacl_Chacha20PolyNUMBER_256_aead_decrypt

Project: https://github.com/guidovranken/cryptofuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5091247321251840 Project: cryptofuzz Fuzzing Engine: afl Fuzz Target: cryptofuzz-nss Job Type: aflasancryptofuzz Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address:...

6.6 AI score
Exploits: 0, Affected Software: 1
ossfuzz
added 2020/07/03 2:40 a.m., 16 views

arrow:arrow-ipc-file-fuzz: Heap-buffer-overflow in void arrow::internal::TransferBitmap<

Project: https://github.com/apache/arrow.git Detailed Report: https://oss-fuzz.com/testcase?key=5696379421982720 Project: arrow Fuzzing Engine: afl Fuzz Target: arrow-ipc-file-fuzz Job Type: aflasanarrow Platform Id: linux Crash Type: Heap-buffer-overflow READ 8 Crash Address: 0x60a000000100 Cras...

6.8 AI score
Exploits: 0, Affected Software: 1
ossfuzz
added 2020/06/27 10:50 p.m., 17 views

jbig2dec:jbig2_fuzzer: Use-of-uninitialized-value in jbig2_arith_decode

Detailed Report: https://oss-fuzz.com/testcase?key=5970349664763904 Project: jbig2dec Fuzzing Engine: libFuzzer Fuzz Target: jbig2fuzzer Job Type: libfuzzermsanjbig2dec Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: jbig2arithdecode jbig2decoderefinementTPGR...

6.4 AI score
Exploits: 0, Affected Software: 1
ossfuzz
added 2020/06/25 5:22 a.m., 15 views

skia:image_filter_deserialize_width: Use-of-uninitialized-value in SkVerticesPriv::Decode

Project: https://skia.googlesource.com/skia.git Detailed Report: https://oss-fuzz.com/testcase?key=5193804545261568 Project: skia Fuzzing Engine: libFuzzer Fuzz Target: imagefilterdeserializewidth Job Type: libfuzzermsanskia Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address:...

6.8 AI score
Exploits: 0, Affected Software: 1
ossfuzz
added 2020/06/22 3:1 a.m., 20 views

ghostscript:gstoraster_fuzzer: Use-of-uninitialized-value in load_truetype_glyph

Detailed Report: https://oss-fuzz.com/testcase?key=6276535945527296 Project: ghostscript Fuzzing Engine: libFuzzer Fuzz Target: gstorasterfuzzer Job Type: libfuzzermsanghostscript Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: loadtruetypeglyph TTLoadGlyph...

6.8 AI score
Exploits: 0, Affected Software: 1