939 matches found
CVE-2024-0656 Password Protected <= 2.6.6 - Authenticated (Admin+) Stored Cross-Site Scripting
The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Captcha Site Key in all versions up to, and including, 2.6.6 due to insufficient input sanitization and output escaping...
GHSA-43H9-P3J4-39HM Liferay Portal defaults to a low work factor for the default password hashing algorithm
The default password hashing algorithm PBKDF2-HMAC-SHA1 in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers...
WordPress Passster – Password Protection Plugin <= 4.2.6.2 is vulnerable to Broken Access Control
Software: Passster – Password Protection; Type: Plugin; Vulnerable versions: <= 4.2.6.2; Fixed in: 4.2.6.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-0616; Patch priority: Low; CVSS severity: Low (5.3); Developer: Patrick Posner; PSID: d02bdb5fa3cb; Credits: Francesco...
@lobehub/chat vulnerable to unauthorized access to plugins
Description: When the application is deployed with password protection using the ACCESS_CODE option, it is possible to access plugins without proper authorization, that is, without the password. Proof-of-Concept: Let's suppose that the application has been deployed with the following command: sudo docker run -d -p 3210:3210 -...
CVE-2024-24566
CVE-2024-24566 affects Lobe Chat: improper access control lets users access plugins without password when ACCESS_CODE is used. Documented PoC shows exploitation via /api/plugin/gateway; impact is unauthorized plugin access. The issue is patched in version 0.122.4; remediation is to upgrade to 0.1...
Moderate: Red Hat Security Advisory: grub2 security update
An update for grub2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
Moderate: Red Hat Security Advisory: grub2 security update
An update for grub2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Moderate: Red Hat Security Advisory: grub2 security update
An update for grub2 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
ALSA-2024:0468 Moderate: grub2 security update
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2: bypass the...
RHEL 9 : grub2 (RHSA-2024:0456)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0456 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular...
Moderate: grub2 security update
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2: bypass the...
CVE-2023-6447
The EventPrime WordPress plugin before 3.3.6 is vulnerable due to lack of authentication and authorization, allowing unauthenticated users to access private and password-protected events by guessing the numeric ID or event name. Affected versions: prior to 3.3.6. Impact: exposure of private event...
OPENSUSE-SU-2024:0021-1 Security update for perl-Spreadsheet-ParseXLSX
This update for perl-Spreadsheet-ParseXLSX fixes the following issues: Updated to 0.29: see /usr/share/doc/packages/perl-Spreadsheet-ParseXLSX/Changes 0.29: - Fix for 'Argument '' isn't numeric in addition + at /usr/local/shar… - Incorrect cell values due to phonetic data doy72 - Fix die message ...
CVE-2023-4001
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a fil...
PT-2024-1073 · Grub2 +4
Name of the Vulnerable Software and Affected Versions: GRUB2 (affected versions not specified) Description: An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB...
CVE-2023-28786
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SolidWP Solid Security – Password, Two Factor Authentication, and Brute Force Protection. This issue affects Solid Security – Password, Two Factor Authentication, and Brute Force Protection: from n/a through 8.1.4...
PT-2023-21961 · Unknown · Solid Security
Name of the Vulnerable Software and Affected Versions: Solid Security – Password, Two Factor Authentication, and Brute Force Protection versions n/a through 8.1.4 Description: The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability. This...