1162 matches found

BDU FSTEC
added 2023/10/25 12:00 a.m. · 1 view

The vulnerability of the Twittee Text Tweet Plugin of the WordPress content management system allows a hacker to carry out cross-site scripting attacks.

The vulnerability of the Twittee Text Tweet Plugin for WordPress content management system exists due to the lack of protective measures for website structures. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

6.1 CVSS · 6.8 AI score · 0.07384 EPSS
Exploits 1 · References 5 · Affected Software 1

BDU FSTEC
added 2023/10/14 12:00 a.m. · 2 views

The vulnerability of the Jenkins Fortify Plugin relates to the lack of protective measures for website structures, allowing attackers to perform HTML injections.

The vulnerability of the Jenkins Fortify Plugin is related to the lack of security measures for website structures. Exploiting this vulnerability allows a malicious actor to perform HTML injection remotely...

6.4 CVSS · 6.3 AI score · 0.00263 EPSS
Exploits 0 · References 3 · Affected Software 1

Oracle Linux
added 2023/10/07 12:00 a.m. · 179 views

kvm_utils3 security update

hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt 9.0.0-3.el8 - storage: Fix returning of locked objects from 'virStoragePoolObjListSearch' Peter Krempa Orabug: 35644221 CVE-2023-3750 - virpci: Resolve leak in virPCIVirtualFunctionList cleanup Tim Shearer Orabug: 35395469...

7.5 CVSS · 6.7 AI score · 0.00125 EPSS
Exploits 0

BDU FSTEC
added 2023/10/02 12:00 a.m. · 1 view

The vulnerability of the Nozomi Guardian detection and tracking tool for network activities, as well as the Nozomi Central Management Console (CMC) – a central management tool for security operations – stems from the lack of protective measures for the SQL query structure. This allows attackers to gain unauthorized access to protected information and execute arbitrary SQL queries.

The vulnerability of the Nozomi Guardian detection and tracking tool for network activities, as well as the Nozomi Central Management Console CMC, relates to the lack of protective measures taken against SQL query structures during parameter sorting. Exploiting this vulnerability could allow an...

7.5 CVSS · 7 AI score · 0.00216 EPSS
Exploits 0 · References 2 · Affected Software 2

BDU FSTEC
added 2023/09/28 12:00 a.m. · 1 view

The vulnerability in the firmware of Advantech EKI-1524, EKI-1522, and EKI-1521 industrial switches stems from the lack of protective measures for website structures. This allows attackers to perform cross-site scripting attacks.

The vulnerability in the firmware of Advantech EKI-1524, EKI-1522, and EKI-1521 industrial switches exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...

9 CVSS · 5.7 AI score · 0.00203 EPSS
Exploits 2 · References 5 · Affected Software 3

Prion
added 2023/09/20 1:15 p.m. · 85 views

Design/Logic Flaw

A flaw in the networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18...

5 CVSS · 7.3 AI score · 0.00177 EPSS
Exploits 0 · References 7 · Affected Software 3

BDU FSTEC
added 2023/09/14 12:00 a.m. · 2 views

The vulnerability of HTML objects in the software tool for managing identities and access control allows a hacker to carry out XSS attacks.

The vulnerability of HTML objects in software tools for managing identities and access control is related to deficiencies in the security measures used to protect web page structures. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

6.8 CVSS · 6 AI score · 0.00166 EPSS
Exploits 0 · References 5 · Affected Software 2

BDU FSTEC
added 2023/09/07 12:00 a.m. · 1 view

The vulnerability of the XWiki Platform, a platform for creating collaborative web applications, stems from the lack of protective measures for website structures. This allows attackers to carry out Cross-Site Scripting (XSS) attacks.

The vulnerability of the XWiki Platform lies in the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out cross-site scripting (XSS) attacks remotely...

9 CVSS · 6 AI score · 0.47027 EPSS
Exploits 1 · References 4 · Affected Software 1

BDU FSTEC
added 2023/09/07 12:00 a.m. · 1 view

The vulnerability of the XWiki Platform, a platform for creating collaborative web applications, stems from the lack of protective measures for website structures. This allows attackers to carry out Cross-Site Scripting (XSS) attacks.

The vulnerability of the XWiki Platform lies in the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out cross-site scripting (XSS) attacks remotely...

10 CVSS · 5.6 AI score · 0.02727 EPSS
Exploits 1 · References 6 · Affected Software 2

BDU FSTEC
added 2023/09/04 12:00 a.m. · 1 view

The vulnerability of the XWiki Platform, a platform for creating collaborative web applications, stems from the lack of protective measures for website structures. This allows attackers to carry out Cross-Site Scripting (XSS) attacks.

The vulnerability of the XWiki Platform lies in the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out cross-site scripting (XSS) attacks remotely...

6.4 CVSS · 5.6 AI score · 0.29415 EPSS
Exploits 0 · References 5 · Affected Software 1

GithubExploit
added 2023/08/24 10:24 p.m. · 711 views

Exploit for Link Following in Microsoft

CVE-2023-36874 Windows Error Reporting LPE BOF Introductio...

7.8 CVSS · 8.9 AI score · 0.70224 EPSS
Exploits 5

BDU FSTEC
added 2023/08/15 12:00 a.m. · 2 views

The vulnerability of the Softing edgeAggregator data integration tool lies in its lack of protection for website structures, allowing attackers to execute arbitrary code with root privileges.

The vulnerability of the Softing edgeAggregator data integration tool is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with root privileges...

10 CVSS · 8.1 AI score · 0.0055 EPSS
Exploits 0 · References 3

CNNVD
added 2023/07/13 12:00 a.m. · 1 view

Envoy resource management error vulnerability

Envoy is an open source distributed proxy server. A resource management error vulnerability exists in Envoy versions prior to 1.27.0, which stems from the possibility that Envoy's HTTP/2 codec may leak header maps and bookkeeping structures after receiving the frame RSTSTREAM from an upstream...

7.5 CVSS · 8 AI score · 0.00133 EPSS
Exploits 0 · References 9

Veracode
added 2023/07/12 10:35 a.m. · 13 views

Denial Of Service (DoS)

github.com/cometbft/cometbft is vulnerable to Denial of Service (DoS) attacks. A list and a map are the two data structures that the mempool utilizes to keep track of unfinished transactions. The same transaction may occur several times if these structures are out of sync, even though they should b...

8.2 CVSS · 6.7 AI score · 0.00314 EPSS
Exploits 1 · References 6 · Affected Software 1

Github Security Blog
added 2023/07/05 9:34 p.m. · 14 views

CometBFT may duplicate transactions in the mempool's data structures

Impact: The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time in the sense that the map tracks the index (if any) of the transaction in the list. Unfortunately, it is possible to have...

8.2 CVSS · 6.7 AI score · 0.00314 EPSS
Exploits 1 · References 5 · Affected Software 1

Vulnrichment
added 2023/07/03 4:35 p.m. · 7 views

CVE-2023-34451 CometBFT may duplicate transactions in the mempool's data structures

CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time ...

8.2 CVSS · 6.8 AI score · 0.00314 EPSS
Exploits 1 · References 3

Cvelist
added 2023/07/03 4:35 p.m. · 19 views

CVE-2023-34451 CometBFT may duplicate transactions in the mempool's data structures

CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time ...

8.2 CVSS · 8.1 AI score · 0.00314 EPSS
Exploits 1 · References 3

Positive Technologies
added 2023/07/03 12:00 a.m. · 4 views

PT-2023-24887 · Cometbft · Cometbft

Name of the Vulnerable Software and Affected Versions: CometBFT versions v0.34.28 and prior, v0.37.0, v0.37.1 Description: The mempool in CometBFT maintains two data structures, a list and a map, to track outstanding transactions. These data structures are supposed to be in sync, with the map...

8.2 CVSS · 8 AI score · 0.00314 EPSS
Exploits 1 · References 10

OSV
added 2023/06/27 10:15 p.m. · 3 views

DEBIAN-CVE-2023-36464

pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if parsecontentstream is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request 969 and resolv...

5.5 CVSS · 5.8 AI score · 0.00025 EPSS
Exploits 1 · References 1

Cvelist
added 2023/06/27 9:24 p.m. · 17 views

CVE-2023-36464 Infinite Loop when a comment isn't followed by a character in pypdf

pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if parsecontentstream is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request 969 and resolv...

6.2 CVSS · 6.3 AI score · 0.00025 EPSS
Exploits 1 · References 3