136 matches found
389-ds-base security update
2.4.5-8 - Bump version to 2.4.5-8 - Fix License tag 2.4.5-7 - Bump version to 2.4.5-7 - Resolves: RHEL-34819 - redhat-ds:11/389-ds-base: Malformed userPassword may cause crash at domodify in slapd/modify.c - Resolves: RHEL-34825 - redhat-ds:11/389-ds-base: potential denial of service via speciall...
PT-2024-4177 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which could result in arbitrary code execution. A high-privilege attacker could...
exempi security update
2.4.5-4 - Fix CVE-2020-18652 - Resolves: RHEL-5416 2.4.5-3 - Fix CVE-2020-18651 - Resolves: RHEL-5415...
CVE-2024-31105
CVE-2024-31105 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Tax Rate Upload that enables Reflected XSS. The entry lists affected software as Tax Rate Upload (n/a) up to version 2.4.5. Reported metrics (CVSS v3.1 base score 7.1, HIGH) indicate network attack vector,...
HT Mega – Absolute Addons For Elementor < 2.4.5 - Contributor+ Stored Cross-Site Scripting via Post Carousel Widget
Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘bordertype’ attribute of the Post Carousel widget in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2024-1794
Name of the Vulnerable Software and Affected Versions Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier Description The issue is related to an improper neutralization of special elements used in an OS command, which could lead to arbitrary code execution by an attacker. This...
Adobe Commerce Resource Management Error Vulnerability
Adobe Commerce is a business- and brand-oriented global leader in digital commerce solutions from the US company Adobe. A resource management error vulnerability exists in Adobe Commerce versions 2.4.6-p3 and earlier, 2.4.5-p5 and earlier, and 2.4.4-p6 and earlier, which stems from the...
PT-2023-9137 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier Description: The issue is related to a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts...
SQL Injection
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to SQL Injection due to improper neutralization of special elements used in an SQL command. An attacker can execute arbitrary code by injecting SQL commands without user...
Sql injection
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privileg...
Adobe Commerce Security Breach
Adobe Commerce is a leading global digital commerce solution for merchants and brands from Adobe. A security vulnerability exists in Adobe Commerce that stems from the presence of an improper access control vulnerability. A low-privileged attacker could exploit the vulnerability to access other...
PT-2023-25939 · Radiustheme · Radiustheme Classified Listing Plugin
Name of the Vulnerable Software and Affected Versions: RadiusTheme Classified Listing plugin versions 2.4.5 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...
WordPress Classified Listing Plugin <= 2.4.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Classified Listing; Type: Plugin; Vulnerable versions: <= 2.4.5; Fixed in: 2.4.6; OWASP Top 10: A5 Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-37387; Patch priority: Low; CVSS severity: Low (5.4); Credits: István Márton...
SUSE CVE-2023-34241
OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data...
Incorrect Authorization
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization due to improper handling of authorization logic. An attacker can bypass security measures and access sensitive user data without requiring user...
XML Injection
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to XML Injection through the XML processing mechanism. An attacker can bypass security features by sending a specially crafted XML script. Remediation Upgrade...
Adobe Commerce Input Validation Error Vulnerability
Adobe Commerce is a leading global digital commerce solution for merchants and brands from Adobe. An input validation error vulnerability exists in Adobe Commerce that stems from the presence of incorrect input validation, resulting in security features being bypassed. Affected products and...
JIZHICMS Code Issue Vulnerability
JIZHICMS is an open source content management system (CMS) developed in China. A code issue vulnerability exists in JIZHICMS version 2.4.5, which stems from a problem with the file TemplateController.php, where manipulation of th...
PT-2023-22228 · Jizhicms · Jizhicms
Name of the Vulnerable Software and Affected Versions: JIZHICMS version 2.4.5 Description: A critical issue has been found, affecting the index function of the TemplateController.php file. The manipulation of the webapi argument leads to server-side request forgery, allowing for remote attacks...
DEBIAN-CVE-2023-29197
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many...
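The guzzlehttp/psr7 entry above describes the general header-injection pattern: a parser that accepts a bare `\n` as a line separator lets an attacker-controlled value spawn a second header. The following is an added example, not code from guzzlehttp/psr7 or the Debian advisory, written in Python rather than PHP so the check is easy to run stand-alone. It contrasts a lenient splitter (assumed here to mirror the weak behaviour, splitting on `\n` with no validation) with a strict validator based on the RFC 7230 token and field-value grammar; the header values are constructed sample input.

```python
import re

# RFC 7230 "tchar" characters allowed in a header field name.
_TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Field value: HTAB, visible ASCII, and obs-text. CR (0x0d) and LF (0x0a) are
# deliberately excluded so no value can terminate or start a header line.
_VALUE_RE = re.compile(r"[\t\x20-\x7e\x80-\xff]*")


class HeaderInjection(ValueError):
    """Raised when a header name or value could alter the header list."""


def naive_serialize(fields):
    """Hypothetical weak serializer: joins fields with LF only, no validation."""
    return "".join(f"{name}: {value}\n" for name, value in fields)


def lenient_split(raw):
    """Hypothetical weak parser: treats a bare LF as a line terminator.

    Many real parsers behave this way even though the spec says CRLF, which is
    exactly what lets an injected newline become a new header.
    """
    fields = []
    for line in raw.replace("\r\n", "\n").split("\n"):
        if not line:
            continue
        name, _, value = line.partition(":")
        fields.append((name.strip(), value.strip()))
    return fields


def is_safe_header(name, value):
    """True only if name is a valid token and value contains no CR/LF."""
    return bool(_TOKEN_RE.fullmatch(name)) and bool(_VALUE_RE.fullmatch(value))


def build_headers(fields):
    """Strict serializer: validates every field, then emits CRLF-terminated lines."""
    for name, value in fields:
        if not is_safe_header(name, value):
            raise HeaderInjection(f"rejected header {name!r}: {value!r}")
    return "".join(f"{name}: {value}\r\n" for name, value in fields) + "\r\n"


if __name__ == "__main__":
    # Constructed sample: a value carrying a bare LF plus a fake Set-Cookie line.
    tainted = [("X-Forwarded-For", "203.0.113.7\nSet-Cookie: session=attacker")]
    print("lenient parse:", lenient_split(naive_serialize(tainted)))
    try:
        build_headers(tainted)
    except HeaderInjection as exc:
        print("strict build:", exc)
```

Run as a script, the lenient path reports two headers where one was supplied, while the strict path refuses the field. The same `is_safe_header` check applies to header names: a name such as `"X-Foo\nEvil"` fails the token grammar, which closes the name-side variant mentioned in the advisory.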