USN-6768-1: GLib vulnerability
Alicia Boya García discovered that GLib incorrectly handled signal subscriptions. A local attacker could use this issue to spoof D-Bus signals resulting in a variety of impacts including possible privilege escalation...
CVE-2024-29320
Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php...
PT-2024-22861 · Wallos · Wallos
Name of the Vulnerable Software and Affected Versions: Wallos versions prior to 1.15.3 Description: The issue is related to SQL Injection via the category and payment parameters to the "/subscriptions/get.php" API endpoint. This allows for potential exploitation. Recommendations: For versions pri...
Wallos SQL injection vulnerability
Wallos is an open source personal subscription tracker by the individual developer Miguel Ribeiro. A SQL injection vulnerability exists in Wallos versions prior to 1.15.3; it originates from unsanitized use of the category and payment parameters of /subscriptions/get.php in a database query...
CVE-2024-29320
Wallos is affected by a SQL injection in versions prior to 1.15.3. The vulnerability stems from unsanitized input in the category and payment parameters to /subscriptions/get.php, enabling potentially unauthorized data access. Affected product: Wallos (open source personal subscription tracker); ...
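The Wallos entries above all describe the same bug class: request parameters (category, payment) concatenated into a SQL statement. The following is an added example, not Wallos code and not taken from any advisory, that reproduces the pattern against a constructed in-memory SQLite table and shows the parameterized form that closes it. The table layout, column names and sample rows are assumptions made for the demonstration.

```python
import sqlite3


def build_db():
    """Constructed sample data (hypothetical schema, not the Wallos one)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE subscriptions ("
        "id INTEGER PRIMARY KEY, user_id INTEGER, name TEXT, "
        "category TEXT, payment TEXT)"
    )
    conn.executemany(
        "INSERT INTO subscriptions (user_id, name, category, payment) "
        "VALUES (?, ?, ?, ?)",
        [
            (1, "Streaming", "entertainment", "card"),
            (1, "Cloud backup", "software", "paypal"),
            (2, "Gym", "health", "card"),  # belongs to a different user
        ],
    )
    return conn


def get_subscriptions_vulnerable(conn, user_id, category, payment):
    """Filter values interpolated straight into the statement.

    This is the shape of bug the "SQL injection via the category and payment
    parameters" advisories describe: the attacker controls part of the WHERE
    clause, so the user_id restriction can be bypassed.
    """
    sql = (
        "SELECT name FROM subscriptions "
        "WHERE user_id = %d AND category = '%s' AND payment = '%s'"
        % (user_id, category, payment)
    )
    return [row[0] for row in conn.execute(sql)]


def get_subscriptions_fixed(conn, user_id, category, payment):
    """Same query with bound parameters: the values are never parsed as SQL."""
    sql = (
        "SELECT name FROM subscriptions "
        "WHERE user_id = ? AND category = ? AND payment = ?"
    )
    return [row[0] for row in conn.execute(sql, (user_id, category, payment))]


if __name__ == "__main__":
    db = build_db()
    # Constructed payload: closes the string literal and neutralises the rest
    # of the WHERE clause, so (user_id = 1 AND category = '') OR 1=1 is true
    # for every row, including another user's subscription.
    payload = "' OR 1=1 --"
    print("vulnerable:", get_subscriptions_vulnerable(db, 1, payload, "card"))
    print("fixed:     ", get_subscriptions_fixed(db, 1, payload, "card"))
```

The injected call returns all three names, including the row owned by user 2; the parameterized call returns nothing because no category is literally named `' OR 1=1 --`. The same payload works through the payment parameter, which is why the advisory names both.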
BIT-GITLAB-2024-4006 Incorrect Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions...
CVE-2024-4006
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions...
UBUNTU-CVE-2024-4006
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions...
CVE-2024-4006
CVE-2024-4006 affects GitLab CE/EE: personal access token scopes were not honored by GraphQL subscriptions, so a token could receive subscription data its scopes should not have allowed. Affected versions are 16.7 before 16.9.6, 16.10 before 16.10.4, and 16.11 before 16.11.1. The issue ha...
CVE-2024-4006 Incorrect Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions...
A vulnerability in the AlertUtil::validateExpression method (/api/v1/events/subscriptions) of the OpenMetadata metadata management platform allows an attacker to execute arbitrary code.
The vulnerability in the AlertUtil::validateExpression method (/api/v1/events/subscriptions) of the OpenMetadata platform is caused by improper handling of code generation (expression evaluation). Exploiting this vulnerability could allow an attacker to execute arbitrary code...
GHSA-8P5R-6MVV-2435 OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)
SpEL Injection in PUT /api/v1/events/subscriptions GHSL-2023-251 Please note, only authenticated users have access to PUT / POST APIs for /api/v1/policies. Non-authenticated users will not be able to access these APIs to exploit the vulnerability. A user must exist in OpenMetadata and have...
CVE-2024-32728
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions. This issue affects Paid Member Subscriptions: from n/a through 2.11.0...
CVE-2024-32728 WordPress Paid Membership Subscriptions plugin <= 2.11.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions. This issue affects Paid Member Subscriptions: from n/a through 2.11.0...