WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript Errors, File Permissions, Transients, Error Log Security Vulnerabilities

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5 CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

CVE-2024-5590 Netentsec NS-ASG Application Security Gateway JSON Content uploadiscuser.php sql injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. This vulnerability affects unknown code of the file /protocol/iscuser/uploadiscuser.php of the component JSON Content Handler. The manipulation of the argument messagecontent leads to.....

CVE-2024-5589 Netentsec NS-ASG Application Security Gateway sql injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /admin/config_MT.php?action=delete. The manipulation of the argument Mid leads to sql injection. It is possible to initiate the attack...

SQL Injection in Harbor scan log API

Impact A user with an administrator, project_admin, or project_maintainer role could utilize and exploit SQL Injection to allow the execution of any Postgres function or the extraction of sensitive information from the database through this API: GET...

Open Redirect URL in Harbor

Description Under OIDC authentication mode, there is a redirect_url parameter exposed in the URL which is used to redirect the current user to the defined location after the successful OIDC login, This redirect_url can be an ambiguous URL and can be used to embed a phishing URL. For example: if a.....

Password confirmation stored in plain text via registration form in statamic/cms

Users registering via the user:register_form tag will have their password confirmation stored in plain text in their user file. Impact This only affects sites matching all of the following conditions: - Running Statamic versions between 5.3.0 and 5.6.1. (This version range represents only one...

Unsafe Reflection in base Component class in yiisoft/yii2

Yii2 supports attaching Behaviors to Components by setting properties having the format 'as <behaviour-name>'. Internally this is done using the __set() magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using...

path traversal vulnerability was identified in the parisneo/lollms-webui

A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'list_personalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the.....

code injection vulnerability exists in the huggingface/text-generation-inference repository

A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the autodocs.yml workflow file. The vulnerability arises from the insecure handling of the github.head_ref user input, which is used to dynamically construct a command for installing.....

qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint

qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/{name}/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as...

Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`

Impact Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model....

Slack integration leaks sensitive information in logs

Impact Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it is possible under specific configurations, an attacker can forge...

Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints

The Fides webserver has a number of endpoints that retrieve ConnectionConfiguration records and their associated secrets which can contain sensitive data (e.g. passwords, private keys, etc.). These secrets are stored encrypted at rest (in the application database), and the associated endpoints are....

Reflected Cross-site Scripting in yiisoft/yii2 Debug mode

During the internal penetration testing of our product based on Yii2, we discovered an XSS vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 (2.0.49.3). Conditions for vulnerability reproduction The framework is in debug mode (YII_DEBUG set to true)......

CVE-2022-31629 affecting package php 7.4.14-3

CVE-2022-31629 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2017-9120 affecting package php 7.4.14-3

CVE-2017-9120 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2017-8923 affecting package php 7.4.14-3

CVE-2017-8923 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2021-21704 affecting package php 7.4.14-3

CVE-2021-21704 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2007-3205 affecting package php 7.4.14-3

CVE-2007-3205 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2022-31628 affecting package php 7.4.14-3

CVE-2022-31628 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2017-9118 affecting package php 7.4.14-3

CVE-2017-9118 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2020-7071 affecting package php 7.4.14-3

CVE-2020-7071 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2022-31626 affecting package php 7.4.14-3

CVE-2022-31626 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2021-21705 affecting package php 7.4.14-3

CVE-2021-21705 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2021-21703 affecting package php 7.4.14-3

CVE-2021-21703 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2007-3205 affecting package php 8.1.28-1

CVE-2007-3205 affecting package php 8.1.28-1. No patch is available...

CVE-2021-21707 affecting package php 7.4.14-3

CVE-2021-21707 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2022-31625 affecting package php 7.4.14-3

CVE-2022-31625 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2021-21708 affecting package php 7.4.14-3

CVE-2021-21708 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2021-21702 affecting package php 7.4.14-3

CVE-2021-21702 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2023-39325 affecting package cri-tools for versions less than 1.28.0-2

CVE-2023-39325 affecting package cri-tools for versions less than 1.28.0-2. An upgraded version of the package is available that resolves this...

CVE-2023-44487 affecting package cri-tools for versions less than 1.28.0-2

CVE-2023-44487 affecting package cri-tools for versions less than 1.28.0-2. An upgraded version of the package is available that resolves this...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: fuse-overlayfs-snapshotter, goreleaser, bom, slsa-verifier, external-dns, prometheus, dynamic-localpv-provisioner, envoy-ratelimit, gke-gcloud-auth-plugin, weaviate, kubescape, keda, aws-efs-csi-driver, secrets-store-csi-driver-provider-gcp, grpcurl, conftest,...

GHSA-X84C-P2G9-RQV9 vulnerabilities

Vulnerabilities for packages: grype, wolfictl, melange, harbor-scanner-trivy, k3d, policy-controller, prometheus, tekton-pipelines, docker, helm-push, kaniko, dagger, neuvector-scanner, syft, docker-compose, buf,...

CVE-2024-21885 vulnerabilities

Vulnerabilities for packages:...

GHSA-95PR-FXF5-86GV vulnerabilities

Vulnerabilities for packages: apko, goreleaser, melange, tekton-chains, policy-controller, ko, slsa-verifier, vexctl, wolfictl, zarf, skaffold, kubescape, spire-server, falco, flux-source-controller, zot, tkn, falcoctl, gitsign, neuvector-sigstore-interface,...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: kyverno, tekton-chains, vault, slsa-verifier, oauth2-proxy, fulcio, traefik, terragrunt, vexctl, argo-cd, cloudflared, dex, kubescape, sops, spire-server, rekor, falco, keda, flux-source-controller, istio-pilot-discovery, kots, tkn, flux-kustomize-controller, gitsign,....

CVE-2024-29018 vulnerabilities

Vulnerabilities for packages: goreleaser, melange, ko, ctop, wolfictl, crossplane, prometheus, syft, docker-compose, kubescape, spire-server, conftest, telegraf, up, zot, buf, tkn, buildkitd, cadvisor, grype, trivy, datadog-agent, dagger, kargo, loki, kaniko,...

GHSA-MQ39-4GV4-MVPX vulnerabilities

Vulnerabilities for packages: goreleaser, melange, ko, ctop, wolfictl, crossplane, prometheus, syft, docker-compose, kubescape, spire-server, conftest, telegraf, up, zot, buf, tkn, buildkitd, cadvisor, grype, trivy, datadog-agent, dagger, kargo, loki, kaniko,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: guac, fuse-overlayfs-snapshotter, goreleaser, melange, restic, tekton-chains, kyverno-policy-reporter, trust-manager, kine, prometheus-beat-exporter, slsa-verifier, kubernetes-csi-external-snapshotter, fulcio, kor, cfssl, external-dns, kuberay-operator,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: fuse-overlayfs-snapshotter, goreleaser, fq, go-licenses, bom, kyverno-policy-reporter, kine, prometheus-beat-exporter, slsa-verifier, kubernetes-csi-external-snapshotter, kor, cfssl, newrelic-prometheus-configurator, external-dns, govulncheck, kuberay-operator,...

CVE-2024-27304 vulnerabilities

Vulnerabilities for packages: temporal-server, keda, trillian, kube-bench, step-ca, telegraf, vault, src, k3s, kine, kots, spicedb, ferretdb, argo-workflows, amass,...

GHSA-MRWW-27VC-GGHV vulnerabilities

Vulnerabilities for packages: temporal-server, keda, trillian, kube-bench, step-ca, telegraf, vault, src, k3s, kine, kots, spicedb, ferretdb, argo-workflows, amass,...

GHSA-VQ7J-GX56-RXJH vulnerabilities

Vulnerabilities for packages: kind, falco,...

CVE-2024-28219 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, py3-pillow,...

CVE-2024-21886 vulnerabilities

Vulnerabilities for packages:...

GHSA-49WX-9H9F-8C9G vulnerabilities

Vulnerabilities for packages:...

CVE-2024-31080 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21506 vulnerabilities

Vulnerabilities for packages: datadog-agent, py3-pymongo,...