CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46784 – WordPress ICS Calendar plugin <= 10.12.0.3 - SSRF and Arbitrary File Read vulnerability
https://notcve.org/view.php?id=CVE-2023-46784
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS Calendar: from n/a through 10.12.0.3. Limitación incorrecta de un nombre de ruta a un directorio restringido ("Path Traversal"), vulnerabilidad de Server-Side Request Forgery (SSRF) en Room 34 Creative Services, LLC ICS Calendar ics-calendar permite un path traversal absoluto: Server Side Request Forgery. Este problema afecta al Calendario ICS: desde n/a hasta 10.12.0.3. The ICS Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 10.12.0.2. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. • https://patchstack.com/database/vulnerability/ics-calendar/wordpress-ics-calendar-plugin-10-12-0-2-ssrf-and-arbitrary-file-read-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-6473 – A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate
https://notcve.org/view.php?id=CVE-2019-6473
An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2. Una opción de nombre de host no válido puede desencadenar un fallo de aserción en el proceso del servidor Kea DHCPv4 (kea-dhcp4), causando que el proceso del servidor se cierre. Versiones afectadas: 1.4.0 hasta 1.5.0, 1.6.0-beta1 y 1.6.0-beta2. • https://kb.isc.org/docs/cve-2019-6473 • CWE-617: Reachable Assertion •