1405 matches found

OSV
added 2022/08/04 9:30 p.m., 39 views

GO-2022-0189 Remote command execution via "go get" with "-u" flag in cmd/go

The "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented a...

CVSS 8.1, AI score 8.1, EPSS 0.56804
Exploits: 0, References: 4

Tenable Nessus
added 2022/08/02 12:0 a.m., 54 views

SUSE SLES15 Security Update : booth (SUSE-SU-2022:2608-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2608-1 advisory. - The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a...

CVSS 6.5, AI score 6.5, EPSS 0.00669
Exploits: 0, References: 4

ATTACKERKB
added 2022/08/01 1:15 p.m., 2 views

CVE-2022-1585

The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php...

CVSS 7.5, AI score 7.1, EPSS 0.00482
Exploits: 1, References: 2

OSV
added 2022/08/01 7:48 a.m., 3 views

SUSE-SU-2022:2609-1 Security update for booth

This update for booth fixes the following issues: - CVE-2022-2553: authfile directive in booth config file is completely ignored bsc1201946...

CVSS 6.5, AI score 6.3, EPSS 0.00669
Exploits: 0, References: 3

OSV
added 2022/08/01 7:48 a.m., 2 views

SUSE-SU-2022:2608-1 Security update for booth

This update for booth fixes the following issues: - CVE-2022-2553: authfile directive in booth config file is completely ignored bsc1201946...

CVSS 6.5, AI score 6.3, EPSS 0.00669
Exploits: 0, References: 3

OSV
added 2022/08/01 7:47 a.m., 1 views

SUSE-SU-2022:2606-1 Security update for booth

This update for booth fixes the following issues: - CVE-2022-2553: authfile directive in booth config file is completely ignored bsc1201946...

CVSS 6.5, AI score 6.3, EPSS 0.00669
Exploits: 0, References: 3

CNNVD
added 2022/08/01 12:0 a.m., 4 views

WordPress plugin Simple Membership security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 8.8, AI score 7.9, EPSS 0.00677
Exploits: 2, References: 2

CNNVD
added 2022/08/01 12:0 a.m., 3 views

PrestaShop SQL injection vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A SQL injection vulnerability exists in PrestaShop versions 1.6.0.10 through 1.7.8.6, which stems from a...

CVSS 9.8, AI score 8.4, EPSS 0.78272
Exploits: 2, References: 4

Fedora
added 2022/07/31 1:37 a.m., 26 views

[SECURITY] Fedora 36 Update: mqttcli-0.2.3-3.fc36

mqttcli provides two programs pub and sub that allow command-line access to an MQTT broker. sub subscribes to a topic and prints messages received to standard output. pub publishes the provided message to the provided topic. Both programs accept flags that can be provided as a config file...

AI score 7.2
Exploits: 0

NVD
added 2022/07/28 3:15 p.m., 12 views

CVE-2022-2553

The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster...

CVSS 6.5, EPSS 0.00669
Exploits: 0, References: 4

ATTACKERKB
added 2022/07/28 3:15 p.m., 3 views

CVE-2022-2553

The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster...

CVSS 6.5, AI score 6.5, EPSS 0.00669
Exploits: 0, References: 8

Cvelist
added 2022/07/28 12:0 a.m., 18 views

CVE-2022-2553

The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster...

AI score 6.6, EPSS 0.00669
Exploits: 0, References: 4

OSV
added 2022/07/17 11:15 p.m., 15 views

CVE-2022-31213

An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file...

CVSS 7.5, AI score 6.6
Exploits: 0, References: 3

OSV
added 2022/07/17 11:15 p.m., 1 views

DEBIAN-CVE-2022-31213

An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file...

CVSS 7.5, AI score 7.5, EPSS 0.0067
Exploits: 3, References: 1

Prion
added 2022/07/17 11:15 p.m., 22 views

Null pointer dereference

An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file...

CVSS 5, AI score 7.4, EPSS 0.0067
Exploits: 3, References: 3, Affected Software: 1

ATTACKERKB
added 2022/07/17 11:15 a.m., 1 views

CVE-2022-2222

The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in a hardened environment or multisite setup...

CVSS 4.9, AI score 5.9, EPSS 0.00888
Exploits: 2, References: 2

Debian CVE
added 2022/07/17 12:0 a.m., 27 views

CVE-2022-31213

An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file...

CVSS 7.5, AI score 7.5, EPSS 0.0067
Exploits: 3

CVE
added 2022/07/17 12:0 a.m., 86 views

CVE-2022-31213

CVE-2022-31213 affects dbus-broker prior to 31, with multiple NULL pointer dereferences when a malformed XML config is supplied. Related advisory entries also reference CVE-2022-31212 (buffer over-read on parsing the Exec line). Impact is high (availability) per CVSS, and several distributions li...

CVSS 7.5, AI score 7.3, EPSS 0.0067
Exploits: 3, References: 3, Affected Software: 1

Veracode
added 2022/07/12 3:59 a.m., 24 views

Denial Of Service (DoS)

github.com/kubeedge/kubeedge is vulnerable to denial of service. An attacker can crash the application by sending a malicious HTTP request with a large body into the processMessage function of servicebus.go when users have enabled the ServiceBus module in the edgecore.yaml config file...

CVSS 7.5, AI score 7.1, EPSS 0.00563
Exploits: 1, References: 7, Affected Software: 1

Prion
added 2022/07/11 9:15 p.m., 23 views

Design/Logic Flaw

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the CloudCore Router does not impose a limit on the size of responses to requests made by the REST handler. An attacker could...

CVSS 3.5, AI score 6.2, EPSS 0.00343
Exploits: 0, References: 1, Affected Software: 1