JVN#87751554: Multiple vulnerabilities in pfSense
pfSense software provided by Netgate contains multiple vulnerabilities listed below.

Cross-site scripting (CWE-79) - CVE-2021-20729

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1
CVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | Base Score: 4.3

Improper...
DLA-2945-1 tryton-server - security update
Bulletin has no description...
WordPress Profile Builder plugin <= 3.6.7 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Abhinav Porwal in WordPress Profile Builder plugin (versions <= 3.6.7). Solution: Update the WordPress Profile Builder plugin to the latest available version (at least 3.6.8)...
DLA-2933-1 firefox-esr - security update
Bulletin has no description...
DLA-2935-1 expat - security update
Bulletin has no description...
WordPress Gallery Plugin – Limb Image Gallery plugin <= 1.5.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Gallery Plugin – Limb Image Gallery plugin (versions <= 1.5.1). Solution: Update the WordPress Gallery Plugin – Limb Image Gallery plugin to the latest available version (at least 1.5.2)...
WordPress Product Options and Price Calculation Formulas for WooCommerce – Uni CPO plugin < 4.9.14 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Product Options and Price Calculation Formulas for WooCommerce – Uni CPO plugin (versions < 4.9.14). Solution: Update the WordPress Product Options and Price Calculation Formulas for WooCommerce – Uni CPO...
WordPress AnyWhere Elementor plugin < 1.2.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress AnyWhere Elementor plugin (versions < 1.2.5). Solution: Update the WordPress AnyWhere Elementor plugin to the latest available version (at least 1.2.5)...
DSA-5080-1 snapd - security update
Bulletin has no description...
DSA-5071-1 samba - security update
Bulletin has no description...
DLA-2917-1 openjdk-8 - security update
Bulletin has no description...
SUSE-SU-2022:0355-1 Security update for elasticsearch, elasticsearch-kit, kafka, kafka-kit, logstash, openstack-monasca-agent, openstack-monasca-log-metrics, openstack-monasca-log-persister, openstack-monasca-log-transformer, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-monasca-thresh, openstack-monasca-thresh-kit, spark, spark-kit, venv-openstack-monasca, zookeeper, zookeeper-kit
This update for elasticsearch, elasticsearch-kit, kafka, kafka-kit, logstash, openstack-monasca-agent, openstack-monasca-log-metrics, openstack-monasca-log-persister, openstack-monasca-log-transformer, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-monasca-thres...
JVN#95898697: Multiple ESET products for macOS vulnerable to improper server certificate verification
Multiple ESET products for macOS are vulnerable to improper server certificate verification (CWE-295). Impact: A man-in-the-middle attack may allow an attacker to alter the data received by the affected products. Solution: Update the software. Update the software to the latest version according to the...
GHSA-P435-W4XM-JJ8X Hadoop token in temp file visible to all users in Apache Gobblin
In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue...
DLA-2906-1 python-django - security update
Bulletin has no description...
DLA-2905-1 apache-log4j1.2 - security update
Bulletin has no description...
DLA-2898-1 nss - security update
Bulletin has no description...
DSA-5054-1 chromium - security update
Bulletin has no description...
DSA-5052-1 usbview - security update
Bulletin has no description...
DLA-2885-1 qtsvg-opensource-src - security update
Bulletin has no description...