
136 matches found

Snyk
added 2023/03/27 9:30 p.m. · 1 views

XML Injection

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to XML Injection via the processing of specially crafted XML content. An attacker can read arbitrary files on the system by injecting malicious XML entities. Remediation Upgra...

CVSS 8.7 · AI score 7.2 · EPSS 0.04774
Exploits: 0 · References: 2
Snyk
added 2023/03/27 9:30 p.m. · 1 views

Incorrect Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization due to improper security checks during the authorization process. A low-privileged authenticated attacker can achieve minor information disclosure b...

CVSS 4.3 · AI score 6.3 · EPSS 0.00199
Exploits: 0 · References: 2
Positive Technologies
added 2023/03/15 12:00 a.m. · 1 views

PT-2023-21018 · Jizhicms · Jizhicms

Name of the Vulnerable Software and Affected Versions: Jizhicms version 2.4.5. Description: A Cross-Site Request Forgery (CSRF) issue in the /Sys/index.html endpoint of the application allows attackers to make arbitrary configuration changes within the application. This can be exploited by attackers...

CVSS 6.5 · AI score 6.5 · EPSS 0.00111
Exploits: 1 · References: 6
CNNVD
added 2023/03/15 12:00 a.m. · 2 views

Adobe Commerce Access Control Error Vulnerability

Adobe Commerce is a leading global digital commerce solution for merchants and brands from Adobe. An access control error vulnerability exists in Adobe Commerce version 2.4.4-p2 and earlier, 2.4.5-p1 and earlier, which stems from improper access control...

CVSS 5.3 · AI score 5.7 · EPSS 0.00436
Exploits: 0 · References: 3
CNNVD
added 2023/02/28 12:00 a.m. · 1 views

WordPress plugin Participants Database Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 4.3 · AI score 5.1 · EPSS 0.00097
Exploits: 0 · References: 2
SUSE CVE
added 2023/02/15 4:28 a.m. · 1 views

SUSE CVE-2018-9264

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency...

CVSS 5.3 · AI score 7.8 · EPSS 0.00702
Exploits: 1 · References: 5
Cvelist
added 2022/10/14 7:48 p.m. · 20 views

CVE-2022-35698 Adobe Commerce Stored XSS Arbitrary code execution

Adobe Commerce versions 2.4.4-p1 and earlier and 2.4.5 and earlier are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution...

CVSS 10 · AI score 9.3 · EPSS 0.02186
Exploits: 0 · References: 1
PyPA
added 2022/09/17 8:15 p.m. · 5 views

PYSEC-2022-281

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5...

CVSS 6.5 · AI score 6.7 · EPSS 0.00111
Exploits: 1 · References: 2 · Affected Software: 1
Prion
added 2022/07/12 10:15 p.m. · 17 views

Cross site scripting

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with 2.3.0 and prior to 2.3.6 and 2.4.5 is vulnerable to a cross-site scripting (XSS) bug which could allow an attacker to inject arbitrary JavaScript in the /auth/callback page in a victim's browser. This...

CVSS 4.3 · AI score 6 · EPSS 0.00157
Exploits: 0 · References: 3 · Affected Software: 1
OpenVAS
added 2022/07/12 12:00 a.m. · 10 views

WordPress Maintenance Mode Plugin < 2.4.5 CSRF Vulnerability

The WordPress plugin Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...

CVSS 6.5 · AI score 6.6 · EPSS 0.0014
Exploits: 2 · References: 1
Prion
added 2022/07/07 6:15 p.m. · 9 views

Design/Logic Flaw

Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...

CVSS 5 · AI score 7.5 · EPSS 0.00653
Exploits: 0 · References: 4 · Affected Software: 1
Microsoft CVE
added 2022/02/25 8:00 a.m. · 2 views

In Expat (aka libexpat) before 2.4.5 there is an integer overflow in storeRawNames.

...

CVSS 9.8 · AI score 7.8 · EPSS 0.08995
Exploits: 1
OSV
added 2022/02/18 5:15 a.m. · 1 views

ALPINE-CVE-2022-25314

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString...

CVSS 7.5 · AI score 7.2 · EPSS 0.00508
Exploits: 0 · References: 1
CNNVD
added 2022/02/18 12:00 a.m. · 2 views

Expat Input Validation Error Vulnerability

Expat is a fast streaming XML parser written in C. An integer overflow vulnerability exists prior to Expat 2.4.5, which stems from the presence of an integer overflow in storeRawNames. No detailed vulnerability details are currently available...

CVSS 9.8 · AI score 8.6 · EPSS 0.08995
Exploits: 1 · References: 73
Positive Technologies
added 2022/02/15 12:00 a.m. · 2 views

PT-2022-1764

Name of the Vulnerable Software and Affected Versions: Expat versions prior to 2.4.5. Description: The issue is related to the incorrect handling of encoding validation in the xmltok_impl.c component of the Expat library, specifically lacking checks for whether a UTF-8 character is valid in a certai...

CVSS 10 · AI score 7.3 · EPSS 0.11027
Exploits: 1 · References: 299
Tenable Nessus
added 2021/02/11 12:00 a.m. · 116 views

pfSense < 2.4.5 Multiple Vulnerabilities

According to its self-reported version number, the remote pfSense install is prior to 2.4.5. It is, therefore, affected by multiple vulnerabilities, including the following: - In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a...

CVSS 9.8 · AI score 7.1 · EPSS 0.12389
Exploits: 2 · References: 12
Tenable Nessus
added 2021/02/04 12:00 a.m. · 255 views

pfSense 2.4.x < 2.4.5-p1 Multiple Vulnerabilities

According to its self-reported version number, the remote pfSense install is a version 2.4.x prior to 2.4.5-p1. It is, therefore, affected by the following vulnerabilities in its subcomponents: - Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an 'NXNSAttack' issue...

CVSS 7.8 · AI score 6.8 · EPSS 0.16136
Exploits: 1 · References: 4
CVE
added 2020/11/13 7:26 p.m. · 50 views

CVE-2020-6157

CVE-2020-6157 affects Opera Touch for iOS prior to 2.4.5, where an address bar spoofing vulnerability could cause a malicious page to display a different URL, enabling impersonation and potentially prompting users to disclose sensitive data. The available sources specify the affected product/vers...

CVSS 4.3 · AI score 4.2 · EPSS 0.00255
Exploits: 0 · References: 1 · Affected Software: 1
Opera Security Advisories
added 2020/11/13 12:00 a.m. · 6 views

Address bar spoofing in Opera Touch for iOS – Opera Security Advisories

Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing...

CVSS 4.3 · AI score 5.8 · EPSS 0.00255
Exploits: 0 · References: 1
OSV
added 2020/04/29 2:15 p.m. · 10 views

CVE-2020-10797

An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfSense before version 2.4.5. After passing inputs to the command and executing this command, the $result variable is not sanitized before it is printed...

CVSS 6.1 · AI score 6.1
Exploits: 0 · References: 3