WordPress Device Wrapper Plugin < 1.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Device Wrapper. Type: Plugin. Vulnerable versions: 1.1.1. Fixed in: 1.1.1. OWASP Top 10: A3: Injection. Classification: Cross Site Scripting (XSS). CVE: CVE-2023-33999. Patch priority: Medium. CVSS severity: Medium (7.1). PSID: dffe70065f07. Credits: Rafie Muhammad (Patchstack). Required...
Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey
The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free...
Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service when using a specially crafted wrapper using certain options. (CVE-2023-30442)
Summary: IBM® Db2® federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. Vulnerability Details: CVEID: CVE-2023-30442. DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes Db2 Connect Server federated server is...
CVE-2023-30442
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202...
Design/Logic Flaw
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202...
CVE-2023-30442 IBM Db2 denial of service
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202...
CVE-2023-35863
In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a handle to the NetFilterSDK wrapper before the service obtains exclusive access...
PT-2023-25352 · Madefornet · Madefornet Http Debugger
Name of the Vulnerable Software and Affected Versions: MADEFORNET HTTP Debugger versions 9.12 and earlier Description: The issue arises because the Windows service in MADEFORNET HTTP Debugger does not set the seclevel registry key before launching the driver. This allows an unprivileged applicati...
UBUNTU-CVE-2023-35169
PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code executio...
CVE-2023-35169 php-imap vulnerable to RCE through a directory traversal vulnerability
PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code executio...
Missing store revert in case of swap error can lead to loss of funds
Lines of code. Vulnerability details. Impact: The module is expected to have no state changes in case a swap failed, and continue to the conversion phase. It was implemented by swallowing the error with a log and continuing with the flow (erc20 conversion, etc.). This is the relevant code section:...
TOPdesk security vulnerability
TOPdesk is a comprehensive terminal management software product from TOPdesk, Inc. A security vulnerability exists in TOPdesk version v12.10.12, which originates from an XML Signature Wrapper (XSW) in the SAML-based Single Sign-On functionality, that allows an attacker to impersonate any TOPdesk us...
CLSA-2023-1686859492 php: Fix of 3 CVEs
CVE-2022-31628: Fix potential infinite recursion in phar wrapper when using quine gzip file - CVE-2022-31629: Add cookie integrity validation - CVE-2022-31631: Fix integer overflow that could cause PDO::quote to return an improperly quoted string...
CLSA-2023-1686858853 php: Fix of 3 CVEs
CVE-2022-31628: Fix potential infinite recursion in phar wrapper when using quine gzip file - CVE-2022-31629: Add cookie integrity validation - CVE-2022-31631: Fix integer overflow that could cause PDO::quote to return an improperly quoted string...
Code Injection
nuxt is vulnerable to Code Injection. The vulnerability exists due to a lack of user input path validation in test-component-wrapper.ts, which allows an attacker to inject and execute malicious code. Note that this vulnerability is only applicable if the server is run in dev mode...
GHSA-X32C-59V5-H7FG Langchain OS Command Injection vulnerability
Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available...
CVE-2023-34540
Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available...