Malicious code in trips-pwa-localization (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2711cf5153838983e0237668dc1baaa1ad85959278de51e6e06702482099b582 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-7997 Malicious code in trips-pwa-localization (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2711cf5153838983e0237668dc1baaa1ad85959278de51e6e06702482099b582 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-39303 Weblate vulnerabler to improper sanitization of project backups

Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a...

CVE-2024-39303

CVE-2024-39303 affects Weblate, a web-based localization tool. The issue, present before Weblate 5.6.2, was improper validation of filenames when restoring project backups, which could allow unauthorized access to server files via a crafted ZIP file. The vulnerability is addressed in Weblate 5.6....

CVE-2024-39303 Weblate vulnerabler to improper sanitization of project backups

Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a...

GHSA-772M-43F3-HMF8 TYPO3 Broken Access Control in Localization Handling

It has been discovered that backend users having limited access to specific languages are capable of modifying and creating pages in the default language which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability...

TYPO3 Broken Access Control in Localization Handling

It has been discovered that backend users having limited access to specific languages are capable of modifying and creating pages in the default language which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability...

GHSA-9RX9-7FMH-GJ3G TYPO3 Broken Access Control in Localization Handling

It has been discovered that backend users having limited access to specific languages are capable of modifying and creating pages in the default language which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability...

TYPO3 Broken Access Control in Localization Handling

It has been discovered that backend users having limited access to specific languages are capable of modifying and creating pages in the default language which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability...

Security Bulletin: Common Vulnerabilities in Cloudera Data Platform Private Cloud Base 7.1.9.

Summary Common vulnerabilities reported in Cloudera Data Platform Private Cloud Base 7.1.9 have been addressed, and are available in Hotfix 2. Vulnerability Details CVEID:CVE-2015-1772 DESCRIPTION: Apache Hive could allow a remote attacker to bypass security restrictions, caused by an error in th...

CVE-2024-32466

Tolgee is an open-source localization platform. For the /v2/projects/translations and /v2/projects/projectId/translations endpoints, translation data was returned even when API key was missing translation.view scope. However, it was impossible to fetch the data when user was missing this scope. S...

CVE-2024-32470

Tolgee is an open-source localization platform. When API key created by admin user is used it bypasses the permission check at all. This error was introduced in v3.57.2 and immediately fixed in v3.57.4...

CVE-2024-32470

Tolgee (open-source localization platform) contains a vulnerability in versions 3.57.2 through 3.57.3 where an API key created by a server/admin user can bypass permission checks. The issue enables elevated access without proper authorization, as admin-created API keys bypass the normal authoriza...

CVE-2024-32466 Tolgee's API key scopes not checked when querying translation data

Tolgee is an open-source localization platform. For the /v2/projects/translations and /v2/projects/projectId/translations endpoints, translation data was returned even when API key was missing translation.view scope. However, it was impossible to fetch the data when user was missing this scope. S...

CVE-2024-32466

Tolgee's CVE-2024-32466 affects the Tolgee localization platform. The vulnerability concerns the /v2/projects/translations and /v2/projects/{projectId}/translations endpoints, where translation data could be returned when the API key lacked the translation.view scope, potentially exposing data to...

CVE-2024-32466 Tolgee's API key scopes not checked when querying translation data

Tolgee is an open-source localization platform. For the /v2/projects/translations and /v2/projects/projectId/translations endpoints, translation data was returned even when API key was missing translation.view scope. However, it was impossible to fetch the data when user was missing this scope. S...

CVE-2024-32466 Tolgee's API key scopes not checked when querying translation data

Tolgee is an open-source localization platform. For the /v2/projects/translations and /v2/projects/projectId/translations endpoints, translation data was returned even when API key was missing translation.view scope. However, it was impossible to fetch the data when user was missing this scope. S...

April 2, 2024, update for Access 2016 (KB5002525)

April 2, 2024, update for Access 2016 KB5002525 This article describes update 5002525 for Microsoft Access 2016 that was released on April 2, 2024.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to th...

GHSA-39FP-MQMM-GXJ6 CodeIgniter4 DoS Vulnerability

Impact A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Patches Upgrade to v4.4.7 or later. See upgrading guide. Workarounds - Disabling Auto Routing prevents a known...

CodeIgniter4 DoS Vulnerability

Impact A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Patches Upgrade to v4.4.7 or later. See upgrading guide. Workarounds - Disabling Auto Routing prevents a known...