259 matches found

CNNVD
added 2022/08/01 12:0 a.m. · 4 views

Discourse security vulnerability

Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. A security vulnerability exists in Discourse stable 2.8.6 and earlier, Discourse beta 2.9.0.beta7 and earlier, and Discourse tests-passed 2.9.0.beta7 and earlier, whi...

CVSS 7.5 · AI score 7.3 · EPSS 0.0056
Exploits 0 · References 3
OSSF Malicious Packages
added 2022/06/20 8:21 p.m. · 3 views

Malicious code in sncicd-plugin-activate (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 322d048a49c478b4ae2b2d141d66adb4073c2b18cba9a5f42a6d70ddca6d234e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1
OSV
added 2022/06/20 8:21 p.m. · 5 views

MAL-2022-6191 Malicious code in sncicd-plugin-activate (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 322d048a49c478b4ae2b2d141d66adb4073c2b18cba9a5f42a6d70ddca6d234e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1
ATTACKERKB
added 2022/06/07 6:15 p.m. · 2 views

CVE-2022-30723

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device...

CVSS 4.3 · AI score 5.8 · EPSS 0.00109
Exploits 0 · References 2
OSV
added 2022/06/07 6:15 p.m. · 1 views

CVE-2022-30723

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device...

CVSS 4.3 · AI score 5.8 · EPSS 0.00109
Exploits 0 · References 1
Cvelist
added 2022/05/13 11:39 a.m. · 18 views

CVE-2021-42969

Certain Anaconda3 2021.05 are affected by OS command injection. When a user installs Anaconda, an attacker can create a new file and write something in usercustomize.py. When the user opens the terminal or activates Anaconda, the command will be executed...

AI score 9.2 · EPSS 0.0185
Exploits 1 · References 1
OSV
added 2022/04/24 10:46 p.m. · 7 views

GSD-2022-1002431 mxser: fix xmit_buf leak in activate when LSR == 0xff

mxser: fix xmit_buf leak in activate when LSR == 0xff. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.276 by commit...

AI score 7.2
Exploits 0
OSV
added 2022/04/24 10:36 p.m. · 10 views

GSD-2022-1002348 mxser: fix xmit_buf leak in activate when LSR == 0xff

mxser: fix xmit_buf leak in activate when LSR == 0xff. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.238 by commit...

AI score 7.2
Exploits 0
OSV
added 2022/04/24 9:45 p.m. · 6 views

GSD-2022-1001822 mxser: fix xmit_buf leak in activate when LSR == 0xff

mxser: fix xmit_buf leak in activate when LSR == 0xff. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.33 by commit...

AI score 7.2
Exploits 0
Positive Technologies
added 2022/01/13 12:0 a.m. · 3 views

PT-2022-12349 · Reprise · Reprise License Manager

Name of the Vulnerable Software and Affected Versions: Reprise License Manager version 14.2 Description: The issue is a reflected cross-site scripting vulnerability in the "/goform/activate process" API endpoint, specifically in the count parameter, which can be exploited via GET requests. No...

CVSS 6.1 · AI score 6.3 · EPSS 0.03313
Exploits 3 · References 9
0day.today
added 2021/12/09 12:0 a.m. · 295 views

LimeSurvey 5.2.4 - Remote Code Execution Exploit

Exploit Title: LimeSurvey 5.2.4 - Remote Code Execution RCE Authenticated Google Dork: inurl:limesurvey/index.php/admin/authentication/sa/login Exploit Author: Y1LD1R1M Vendor Homepage: https://www.limesurvey.org/ Software Link:...

Exploits 0
Oracle linux
added 2021/11/19 12:0 a.m. · 58 views

resource-agents security update

4.1.1-98 - storage-mon: new resource agent Resolves: rhbz1509319 4.1.1-97 - podman: fix possible race during container creation Resolves: rhbz1972743 4.1.1-96 - LVM-activate: fix drop-in check to avoid re-creating drop-in Resolves: rhbz1972035 4.1.1-95 - lvmlockd: remove cmirrord support, as...

CVSS 7.5 · AI score 7.9 · EPSS 0.03832
Exploits 1
AlmaLinux
added 2021/09/21 7:10 a.m. · 13 views

resource-agents bug fix and enhancement update

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability HA environment. Bug Fixes and Enhancements: LVM-activate: Start operation always recreates drop-in file...

AI score 3.5
Exploits 0
Rockylinux
added 2021/09/21 7:10 a.m. · 11 views

resource-agents bug fix and enhancement update

An update is available for resource-agents. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The resource-agents packages provide the Pacemaker and RGManager...

AI score 1.2
Exploits 0
OSV
added 2021/09/21 7:10 a.m. · 10 views

ALBA-2021:3579 resource-agents bug fix and enhancement update

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability HA environment. Bug Fixes and Enhancements: LVM-activate: Start operation always recreates drop-in file...

AI score 7
Exploits 0
0day.today
added 2021/09/01 12:0 a.m. · 166 views

WordPress GetPaid payments plugin 2.4.6 - HTML Injection Vulnerability

Exploit Title: WordPress Plugin Payments Plugin | GetPaid 2.4.6 - HTML Injection Exploit Author: Niraj Mahajan Software Link: https://wordpress.org/plugins/invoicing/ Version: 2.4.6 Tested on Windows Steps to Reproduce: 1. Install Wordpress 5.8 2. Install and Activate "WordPress Payments Plugin |...

AI score 0.4
Exploits 0
OSV
added 2021/06/14 2:15 p.m. · 4 views

CVE-2021-24356

In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activateplugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites...

CVSS 8.8 · AI score 7.4 · EPSS 0.02997
Exploits 3 · References 2
CNVD
added 2021/05/20 12:0 a.m. · 5 views

WordPress plugin authorization issue vulnerability (CNVD-2021-36537)

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is a WordPress open source application plugin. An authorization issue vulnerability exists in versions o...

CVSS 8.8 · AI score 6.6 · EPSS 0.01311
Exploits 2 · References 1
CNVD
added 2021/05/20 12:0 a.m. · 11 views

WordPress plugin authorization issue vulnerability (CNVD-2021-36535)

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is a WordPress open source application plugin. WordPress plugin 2.9 prior to the version Login Protectio...

CVSS 8.8 · AI score 6.7 · EPSS 0.01325
Exploits 2 · References 1
OSV
added 2021/05/14 12:15 p.m. · 2 views

CVE-2021-24189

Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the Captchinoo, Google recaptcha for admin login page WordPress plugin before 2.4, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then...

CVSS 8.8 · AI score 5.9 · EPSS 0.01325
Exploits 2 · References 1