
2242 matches found

NVD
added 2023/07/20 12:15 p.m., 8 views

CVE-2023-32482

Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An authenticated malicious user with privileged access can push policies to unauthorized tenant group...

4.9 CVSS, 4.9 AI score, 0.00374 EPSS
Exploits 0, References 1

Prion
added 2023/07/20 12:15 p.m., 16 views

Authorization

Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An authenticated malicious user with privileged access can push policies to unauthorized tenant group...

3.3 CVSS, 4.9 AI score, 0.00374 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2023/07/20 11:31 a.m., 107 views

CVE-2023-32482

Dell Wyse Management Suite is affected by an improper authorization vulnerability (CVE-2023-32482) where an authenticated user with privileged access can push policies to unauthorized tenant groups. The CVE entry indicates affected software: Wyse Management Suite versions prior to 4.0; the CNVD/D...

4.9 CVSS, 4.9 AI score, 0.00374 EPSS
Exploits 0, References 1, Affected Software 1

Prion
added 2023/07/12 5:15 a.m., 13 views

Cross site request forgery (csrf)

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_firebase_server_key function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via ...

4.3 CVSS, 4.4 AI score, 0.00293 EPSS
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2023/07/12 4:38 a.m., 11 views

CVE-2023-3202 MStore API <= 3.9.6 - Cross-Site Request Forgery to Firebase Server Key Update

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_firebase_server_key function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via ...

4.3 CVSS, 6.5 AI score, 0.00293 EPSS
Exploits 0, References 3

CVE
added 2023/07/12 4:38 a.m., 52 views

CVE-2023-3202

CVE-2023-3202: The MStore API WordPress plugin is vulnerable to CSRF due to missing nonce validation on mstore_update_firebase_server_key, enabling unauthenticated attackers to alter the Firebase server key and push notifications when an order status changes via forged requests. Impact is limited...

4.3 CVSS, 4.7 AI score, 0.00293 EPSS
Exploits 0, References 3, Affected Software 1

OSV
added 2023/07/11 9:15 a.m., 3 views

CVE-2022-22302

A clear text storage of sensitive information CWE-312 vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet privat...

3.3 CVSS, 5.8 AI score, 0.0029 EPSS
Exploits 0, References 1

Prion
added 2023/07/11 9:15 a.m., 14 views

Information disclosure

A clear text storage of sensitive information CWE-312 vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet privat...

1.7 CVSS, 3.3 AI score, 0.0029 EPSS
Exploits 0, References 1, Affected Software 2

Vulnrichment
added 2023/07/11 8:54 a.m., 11 views

CVE-2022-22302

A clear text storage of sensitive information CWE-312 vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet privat...

5.3 CVSS, 5.9 AI score, 0.0029 EPSS
Exploits 0, References 1

Microsoft KB
added 2023/06/28 12:0 a.m., 3 views

June 28, 2023—KB5027292 (OS Build 22000.2124) Preview

June 28, 2023—KB5027292 OS Build 22000.2124 Preview 3/28/23 IMPORTANT Starting in April 2023, optional, non-security preview updates will release on the fourth Tuesday of the month. For more information, see Windows monthly updates explained. For information about Windows update terminology, see...

6.7 AI score
Exploits 0

Malwarebytes
added 2023/06/26 12:0 p.m., 11 views

9 basic security tips for seniors

Before we get into the tips: a caveat. We know many seniors who are digitally more up to date than people 20 years younger, but for those who aren't, this guide is for you. If you're offended by the word seniors in the title, feel free to replace it with "computer illiterate people." And keep in...

7 AI score
Exploits 0

CNVD
added 2023/06/16 12:0 a.m., 17 views

Apache Traffic Server Denial of Service Vulnerability (CNVD-2023-55453)

Apache Traffic Server (ATS) is a scalable HTTP proxy and caching server from the Apache Foundation in the United States. A denial of service vulnerability exists in Apache Traffic Server due to improper input validation related to the configuration option proxy.config.http.push_method_enabled faili...

7.5 CVSS, 6.5 AI score, 0.02005 EPSS
Exploits 0, References 1

OSV
added 2023/06/14 8:15 a.m., 1 views

DEBIAN-CVE-2023-30631

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file. This issue affects Apache Traffic Server:...

7.5 CVSS, 7.2 AI score, 0.02005 EPSS
Exploits 0, References 1

OSV
added 2023/06/14 8:15 a.m., 18 views

CVE-2023-30631

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file. This issue affects Apache Traffic Server:...

7.5 CVSS, 7.3 AI score
Exploits 0, References 5

UbuntuCve
added 2023/06/14 8:15 a.m., 21 views

CVE-2023-30631

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file. This issue affects Apache Traffic Server:...

7.5 CVSS, 7.1 AI score, 0.02005 EPSS
Exploits 0, References 2

OSV
added 2023/06/14 8:15 a.m., 0 views

UBUNTU-CVE-2023-30631

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file. This issue affects Apache Traffic Server:...

7.5 CVSS, 7.1 AI score, 0.02005 EPSS
Exploits 0, References 3

Cvelist
added 2023/06/14 7:44 a.m., 16 views

CVE-2023-30631 Apache Traffic Server: Configuration option to block the PUSH method in ATS didn't work

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file. This issue affects Apache Traffic Server:...

7.6 AI score, 0.02005 EPSS
Exploits 0, References 5

CNNVD
added 2023/06/14 12:0 a.m., 2 views

Apache Traffic Server Input Validation Error Vulnerability

Apache Traffic Server (ATS) is a scalable HTTP proxy and caching server from the Apache Foundation in the United States. A denial of service vulnerability exists in Apache Traffic Server due to improper input validation related to the configuration option proxy.config.http.push_method_enabled faili...

7.5 CVSS, 6.6 AI score, 0.02005 EPSS
Exploits 0, References 6

Positive Technologies
added 2023/06/13 12:0 a.m., 2 views

PT-2023-3286 · Apache · Apache Traffic Server

Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 8.0.0 through 9.2.0 Description: The issue is related to improper input validation in Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled did not function as expected. However, ...

7.8 CVSS, 7.1 AI score, 0.02005 EPSS
Exploits 0, References 31

Code423n4
added 2023/06/02 12:0 a.m., 9 views

Borrower can block being defaulted or auctioned

Lines of code Vulnerability details Borrower can block being defaulted or auctioned The borrower can potentially block the liquidation and auction processed by using a contract and reverting on ETH transfers. Impact When a loan is being liquidated or auctioned, any credit still available to the...

6.7 AI score
Exploits 0