4 matches found
CVE-2021-21305
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "manipulate!" method inappropriately evals the content of mutation option:read/:write...
Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities (CVE-2020-1971, CVE-2020-15999, CVE-2017-12652)
Summary IBM Security Privileged Identity Manager has addressed several security issues as follows. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERAL_NAME_cmp function contains an EDIPARTYNAME, an...
Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities (CVE-2020-25684, CVE-2020-25685, CVE-2020-25686)
Summary IBM Security Privileged Identity Manager has addressed issues for dnsmasq as follows. Vulnerability Details CVEID: CVE-2020-25684 DESCRIPTION: dnsmasq is vulnerable to DNS cache poisoning, caused by the failure to validate the combination of address/port and the query-id fields of DNS...
CVE-2018-1000507
WP User Groups version 2.0.0 contains a Cross Site Request Forgery (CSRF) vulnerability in the Settings page that can result in allowing anybody to modify user groups and types. This attack appears to be exploitable via an admin clicking on a link. This vulnerability appears to have been fixed in 2.1.1...