185 matches found
DEBIAN-CVE-2021-47172
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers. Channel numbering must start at 0 and then not have any holes, or it is possible to overflow the available storage. Note this bug was introduced as pa...
CVE-2021-47172
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers. Channel numbering must start at 0 and then not have any holes, or it is possible to overflow the available storage. Note this bug was introduced as pa...
BIT-MOODLE-2022-40208
In Moodle, insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt...
Cross Site Request Forgery (CSRF)
concrete5/concrete5 is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the sequential and numeric nature of event IDs via the /ccm/calendar/dialogs/event/delete/submit endpoint, allowing an attacker to manipulate an admin into unintentionally deleting events on the site...
Attacker can cause deposits to be locked in the Solana lockbox
Lines of code. Vulnerability details. Impact: An attacker can cause deposits to be locked in the lockbox. Proof of Concept: In withdraw, if the position has 0 liquidity the execution is reverted: function withdraw(uint64 amount) external address positionAddress =...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from memory corruption in audio during sequential execution of memory mapping commands in ADSP...
CVE-2023-48653
Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Request Forgery (CSRF) via ccm/calendar/dialogs/event/delete/submit. An attacker can force an admin to delete events on the site because the event ID is numeric and sequential...
U.S. Dept Of Defense: ███ leaking PII of tour visitors (names, email addresses, phone numbers) via misconfigured record permissions
The ████████ portal was found to be leaking sensitive personal information, including full names, email addresses, and phone numbers of its users. The issue was caused by a misconfiguration that allowed registered users to access records of other users, potentially exposing the data of hundreds o...
CVE-2023-47687
Cross-Site Request Forgery (CSRF) vulnerability in VJInfotech Woo Custom and Sequential Order Number plugin <= 2.6.0 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in VJInfotech Woo Custom and Sequential Order Number plugin <= 2.6.0 versions...
CVE-2023-47687
CVE-2023-47687 concerns the Woo Custom and Sequential Order Number WordPress plugin (<= 2.6.0). The vulnerability arises from missing nonce validation on the wcson_save_settings function, enabling unauthenticated attackers to modify plugin settings via forged requests (CSRF). Public sources in...
CVE-2023-47687 WordPress Woo Custom and Sequential Order Number Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in VJInfotech Woo Custom and Sequential Order Number plugin <= 2.6.0 versions...
CVE-2023-47687 WordPress Woo Custom and Sequential Order Number Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in VJInfotech Woo Custom and Sequential Order Number plugin <= 2.6.0 versions...
WordPress Plugin Woo Custom and Sequential Order Number Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress Woo Custom and Sequential Order Number Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Woo Custom and Sequential Order Number; Type: Plugin; Vulnerable versions: <= 2.6.0; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-47687; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 4ba7c776b1e8; Credit...
rubygem-activerecord: Denial of Service
A flaw was found in the rubygem-activerecord. RubyGem's ActiveRecord is vulnerable to a denial of service caused by a flaw in the PostgreSQL adapter. By sending a specially-crafted request, a remote attacker can cause a slow sequential scan, resulting in a denial of service...
Moodle Security Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. Moodle suffers from a security vulnerability that stems from an insufficient restriction that allows students to bypass sequential...
SSH Connection Failure to Linux Machine Requiring Multiple Sequential AuthenticationMethods
Challenge: Connections to a Linux machine fail with the following errors: Authentication was partially successful, but server requires additional authentication with: 'password'. No suitable authentication method is supported. Supported methods: 'password'. Some tasks may not display these errors...
Improperly Controlled Sequential Memory Allocation
Overview: Affected versions of this package are vulnerable to Improperly Controlled Sequential Memory Allocation due to allowing remote attackers to send malicious requests that consume all memory available to the server. Remediation: Upgrade OPCFoundation.NetStandard.Opc.Ua.Server to version...
ROS-20230417-25
A vulnerability in the curl program is related to a problem when processing multiple queries, resulting in HSTS support being ignored. Exploitation of the vulnerability could allow an attacker acting remotely to cause HSTS functionality to fail by sequentially requesting multiple URLs...