7816 matches found

ATTACKERKB
added 2021/04/28 12:00 a.m. · 19 views

CVE-2021-29483

ManageWiki is an extension to the MediaWiki project. The ‘wikiconfig’ API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18…befb83c66f5b.patch. If you are unabl...

9.4 CVSS · 2.3 AI score · 0.01211 EPSS
Exploits: 0 · References: 4

NVD
added 2021/04/22 3:15 a.m. · 14 views

CVE-2021-31550

An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers...

5.4 CVSS · 0.0045 EPSS
Exploits: 0 · References: 2

OSV
added 2021/04/22 3:15 a.m. · 14 views

CVE-2021-31550

An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers...

5.4 CVSS · 6 AI score
Exploits: 0 · References: 2

Positive Technologies
added 2021/04/22 12:00 a.m. · 3 views

PT-2021-19421 · Mediawiki +1 · Commentbox Extension +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35.2 CommentBox extension for MediaWiki versions through 1.35.2 Description: An issue was discovered that allows a malicious actor to introduce XSS payloads into various layers via crafted configuration variables...

9.8 CVSS · 6.1 AI score · 0.03832 EPSS
Exploits: 18 · References: 74

CNNVD
added 2021/04/21 12:00 a.m. · 5 views

MediaWiki Cross-Site Scripting Vulnerability

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems fr...

5.4 CVSS · 5.1 AI score · 0.0045 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2021/04/19 10:52 a.m. · 5 views

mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user

A vulnerability was found in mariadb and in the mysql wsrep patch that allows remote code execution. A user with SUPER privileges could execute arbitrary shell commands in the context of the mariadb server process...

9 CVSS · 8 AI score · 0.38436 EPSS
Exploits: 9 · References: 8

OSV
added 2021/04/19 9:38 a.m. · 36 views

RLSA-2021:1242 Important: mariadb:10.3 and mariadb-devel:10.3 security update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb 10.3.28, galera 25.3.32. Security Fixes: mariadb: writable system variables allows a database user with SUPER privilege ...

7.2 CVSS · 7.8 AI score · 0.38436 EPSS
Exploits: 9 · References: 2

OpenVAS
added 2021/04/19 12:00 a.m. · 26 views

SUSE: Security Advisory (SUSE-SU-2017:2264-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS · 8.8 AI score · 0.0229 EPSS
Exploits: 0 · References: 11

OpenVAS
added 2021/04/19 12:00 a.m. · 31 views

SUSE: Security Advisory (SUSE-SU-2014:1259-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS · 8.3 AI score · 0.99999 EPSS
Exploits: 141 · References: 4

Rapid7 Blog
added 2021/04/16 5:12 p.m. · 75 views

Codecov Discloses Supply Chain Compromise

The following blog was co-authored by Curt Barnard and Caitlin Condon. On April 15, 2021, code coverage and testing company Codecov announced a supply chain compromise in which a malicious party gained access to their Bash Uploader script and modified it without authorization, enabling the...

0.8 AI score
Exploits: 0

OpenVAS
added 2021/04/16 12:00 a.m. · 17 views

openSUSE: Security Advisory for flatpak, (openSUSE-SU-2021:0520-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8 CVSS · 8.8 AI score · 0.0057 EPSS
Exploits: 0 · References: 2

NVD
added 2021/04/12 2:15 p.m. · 15 views

CVE-2021-24226

In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the accessallyorderform shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the...

7.5 CVSS · 0.05404 EPSS
Exploits: 2 · References: 1

Prion
added 2021/04/12 2:15 p.m. · 18 views

Design/Logic Flaw

In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the accessallyorderform shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the...

5 CVSS · 7.6 AI score · 0.05404 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Cvelist
added 2021/04/12 2:04 p.m. · 15 views

CVE-2021-24226 AccessAlly < 3.5.7 - $_SERVER Superglobal Leakage

In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the accessallyorderform shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the...

7.7 AI score · 0.05404 EPSS
Exploits: 2 · References: 1

CNNVD
added 2021/04/12 12:00 a.m. · 4 views

WordPress Plugin Information Disclosure Vulnerability

WordPress is a blogging platform developed in the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in the AccessAlly WordPress plugin prior to version...

7.5 CVSS · 7.3 AI score · 0.05404 EPSS
Exploits: 2 · References: 2

Tenable Nessus
added 2021/04/09 12:00 a.m. · 66 views

openSUSE Security Update : flatpak / libostree / xdg-desktop-portal / etc (openSUSE-2021-520)

This update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk fixes the following issues : libostree : Update to version 2020.8 - Enable LTO. bsc1133120 - This update contains scalability improvements and bugfixes. - Caching-related HTTP headers are now supported on summaries and...

8.8 CVSS · 8.1 AI score · 0.0057 EPSS
Exploits: 0 · References: 6

OSV
added 2021/04/08 10:41 p.m. · 2 views

OPENSUSE-SU-2021:0520-1 Security update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk

This update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk fixes the following issues: libostree: Update to version 2020.8 - Enable LTO. bsc1133120 - This update contains scalability improvements and bugfixes. - Caching-related HTTP headers are now supported on summaries and...

8.8 CVSS · 9.3 AI score · 0.0057 EPSS
Exploits: 0 · References: 6

Tenable Nessus
added 2021/04/08 12:00 a.m. · 36 views

SUSE SLED15 / SLES15 Security Update : flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk (SUSE-SU-2021:1094-1)

This update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk fixes the following issues : libostree : Update to version 2020.8 Enable LTO. bsc1133120 This update contains scalability improvements and bugfixes. Caching-related HTTP headers are now supported on summaries and...

8.8 CVSS · 8.1 AI score · 0.0057 EPSS
Exploits: 0 · References: 8

Prion
added 2021/03/30 9:15 p.m. · 20 views

Format string

An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt in map_create in...

4.9 CVSS · 5 AI score · 0.00284 EPSS
Exploits: 0 · References: 5 · Affected Software: 2

RedHat Linux
added 2021/03/30 2:17 p.m. · 129 views

Important: Red Hat Security Advisory: mariadb security update

An update for mariadb is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

9 CVSS · 7.5 AI score · 0.38436 EPSS
Exploits: 9 · References: 2