1086 matches found
WooCommerce Order Status Change Notifier <= 1.1.0 - Subscriber+ Arbitrary Order Status Update
The plugin does not have authorisation and CSRF checks when updating order statuses via an AJAX action available to any authenticated user, which could allow low-privilege users such as subscribers to update arbitrary order statuses, for example marking orders as paid without actually paying for them. Run the bel...
CVE-2022-4744
A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system...
kernel: tun: avoid double free in tun_free_netdev
A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system...
SUSE CVE-2015-1304
object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call...
SUSE CVE-2018-6791
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains or $ in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary...
SUSE CVE-2018-18559
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain...
SUSE CVE-2021-34401
NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVGPU_IOCTL_CHANNEL_SET_ERROR_NOTIFIER, where improper access control may lead to code execution, compromised integrity, or denial of service...
SUSE CVE-2022-23950
In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations...
MAL-2023-121 Malicious code in ban-notifier (npm)
Source: ghsa-malware aecea46554ceaa591315411d0d3e279f9dab01878d3136b5f7a3e6e44974bb94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ban-notifier (npm)
Source: ghsa-malware aecea46554ceaa591315411d0d3e279f9dab01878d3136b5f7a3e6e44974bb94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-HCVF-PFRM-JXGF Cisco Spark Notifier Jenkins Plugin contains Missing Authorization
A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2023-24451
A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
Information disclosure
A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
Jenkins Plugin Cisco Spark Notifier Security Vulnerability
Jenkins and Jenkins Plugin are both open source Jenkins products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. Jenkins Plugin A security...
CVE-2023-24451
CVE-2023-24451 affects the Jenkins Cisco Spark Notifier Plugin, version 1.1.1 and earlier. The root cause is a missing permission check across several HTTP endpoints, enabling attackers with Overall/Read permission to enumerate credentials IDs stored in Jenkins. This can facilitate credential har...
PT-2023-2989 · Cisco +1 · Cisco Spark +1
Name of the Vulnerable Software and Affected Versions: Jenkins Cisco Spark Notifier Plugin versions 1.1.1 and earlier Description: The issue is related to a missing permission check in the Jenkins Cisco Spark Notifier Plugin, which allows attackers with Overall/Read permission to enumerate...
PT-2023-33714 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.16 Description: The issue is related to a potential security vulnerability in the Linux Kernel, specifically in the iommu/amd component. It concerns a pci device refcount leak in the ppr notifier function...