EUVD-2024-2795

Malicious code in bioql PyPI...

WordPress Dynamic Pricing With Discount Rules for WooCommerce plugin <= 4.5.9 - Arbitrary Code Execution vulnerability

Arbitrary Code Execution vulnerability discovered by tratt Patchstack Alliance in WordPress Plugin Dynamic Pricing With Discount Rules for WooCommerce versions = 4.5.9...

Adobe Digital Editions < 4.5.10 Information Disclosure (APSB19-04) (macOS)

The version of Adobe Digital Editions installed on the remote macOS host is prior to 4.5.10. It is, therefore, affected by a vulnerability as referenced in the APSB19-04 advisory. - Adobe Digital Editions versions 4.5.9 and below have an out of bounds read vulnerability. Successful exploitation...

CVE-2024-8391

A flaw was found in the gRPC server in Eclipse Vert.x, which does not limit the maximum length of the message payload. This may lead to excessive memory consumption in a server or a client, causing a denial of service. Mitigation Mitigation for this issue is either not available or the currently...

Vertx gRPC server does not limit the maximum message size

In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client. This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty...

GHSA-G76F-GJFX-4RPR Vertx gRPC server does not limit the maximum message size

In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client. This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty...

CVE-2024-8391

In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client. This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty...

CVE-2024-8391 Eclipse Vert.x gRPC server does not limit the maximum message size

In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client. This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty...

CVE-2024-8391

CVE-2024-8391 affects Eclipse Vert.x gRPC server components (io.vertx:vertx-grpc-server and vertx-grpc-client) across Vert.x 4.3.0–4.5.9. The underlying issue is an unbounded maximum payload length in the gRPC server, which can lead to memory exhaustion and denial of service. The fix is available...

CVE-2024-8391 Eclipse Vert.x gRPC server does not limit the maximum message size

In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client. This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty...

PT-2022-24630 · WordPress · Wpml Multilingual Cms

Name of the Vulnerable Software and Affected Versions: WPML Multilingual CMS premium plugin versions = 4.5.10 Description: The issue allows users with subscriber or higher user roles to change the status of the translation jobs due to a Broken Access Control vulnerability in the WPML Multilingual...

PT-2022-24416 · WordPress · Wpml Multilingual Cms

Name of the Vulnerable Software and Affected Versions: WPML Multilingual CMS premium plugin versions = 4.5.10 Description: The issue allows users with a subscriber or higher user role to change plugin settings, including the selected language for legacy widgets and the default behavior for media...

Vulnerability fixed in PowerDNS recursor

PowerDNS has fixed a vulnerability in PowerDNS recursor. A remote malicious party could potentially exploit the vulnerability to cause a denial-of-service. To exploit the vulnerability, the malicious party must use use an IP address allowed by the Access Control List and the vulnerable environmen...

Ivory Search < 4.5.11 - Authenticated Reflected Cross-Site Scripting (XSS)

The setting page of Ivory Search 4.5.10 is vulnerable to reflected XSS when a logged in administrator visit a malicious link or page, as it does not sanitise or escape the GET post parameter before outputting it in a tag attribute PoC As an admin user, open:...

ownCloud 'contacts' Security Bypass Vulnerability (May 2014)

ownCloud is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud"; if...

UBUNTU-CVE-2013-1963

The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors...