PT-2023-29406 · Unknown · Urvanov Syntax Highlighter
Name of the Vulnerable Software and Affected Versions: Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin versions = 2.8.33. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into...
WordPress plugin Urvanov Syntax Highlighter Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
WordPress Urvanov Syntax Highlighter Plugin <= 2.8.33 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Urvanov Syntax Highlighter; Type: Plugin; Vulnerable versions: <= 2.8.33; Fixed in: 2.8.34; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-45106; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 73e06e46354c; Credits: Mika...
Fedora: Security Advisory for curl (FEDORA-2023-98dff7aae5)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] Fedora 39 Update: curl-8.2.1-2.fc39
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
Dynmx - Signature-based Detection Of Malware Features Based On Windows API Call Sequences
dynmx (spoken dynamics) is a signature-based detection approach for behavioural malware features based on Windows API call sequences. In a simplified way, you can think of dynmx as a sort of YARA for API call traces (so-called function logs) originating from malware sandboxes. Hence, the data basis f...
The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit lies in errors in the processing of input data during syntax analysis of code. This allows an attacker to execute arbitrary code.
The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit is related to errors in processing input data during syntax analysis of the code. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
Oracle Linux 9 : thunderbird (ELSA-2023-4955)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-4955 advisory. 102.15.0-1.0.1 - Update to 102.15.0 build1 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
Fedora: Security Advisory (FEDORA-2023-845edc1181)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
acme-rs (>=0.1.0 <=0.2.0), apkeep (>=0.6.0 <=0.13.0) +23 more potentially affected by CVE-2023-39914 via bcder (>=0.1.0 <=0.6.1)
bcder CARGO version =0.1.0, =0.1.0, =0.6.0, =0.1.0, =0.8.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.1.5, =0.3.0, =0.19.0, =0.20.0 and more Source cves: CVE-2023-39914 Source advisory: OSV:RUSTSEC-2023-0062...
CVE-2023-4893
The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations...
Server side request forgery (ssrf)
The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations...
CVE-2023-4893 Crayon Syntax Highlighter <= 2.8.4 - Authenticated (Contributor+) Server Side Request Forgery
The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations...
CVE-2023-4893
The CVE-2023-4893 entry concerns the Crayon Syntax Highlighter WordPress plugin. An SSRF vulnerability exists via the crayon shortcode in versions up to and including 2.8.4, allowing authenticated attackers with contributor-level permissions or higher to make web requests from the affected site to...
WordPress plugin Crayon Syntax Highlighter Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
WordPress Crayon Syntax Highlighter Plugin <= 2.8.4 is vulnerable to Server Side Request Forgery (SSRF)
Software: Crayon Syntax Highlighter; Type: Plugin; Vulnerable versions: <= 2.8.4; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2023-4893; Patch priority: Low; CVSS severity: Low (6.4); Developer: Claim ownership; PSID: 21b930dce2bc; Credits: Lana Codes...
Crayon Syntax Highlighter <= 2.8.4 - Contributor+ Server Side Request Forgery
Description: The plugin is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web applicati...
CVE-2023-4578
When calling JS::CheckRegExpSyntax a Syntax Error could have been set which would end in calling convertToRuntimeErrorAndClear. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Synt...