CVE-2022-20492
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
GHSA-59QG-93JG-236F Shopware has Insufficient Session Expiration in Administration
Impact: The Administration session expiration was set to one week, when an attacker has stolen the session cookie they could use it for a long period of time. Patches: We added an automatic logout into the Administration, so the user will be logged out when they are inactive. References...
CVE-2023-22732
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The Administration session expiration was set to one week, when an attacker has stolen the session cookie they could use it for a long period of time. In version 6.4.18.1 an automatic logout into the Administratio...
Design/Logic Flaw
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The Administration session expiration was set to one week, when an attacker has stolen the session cookie they could use it for a long period of time. In version 6.4.18.1 an automatic logout into the Administratio...
CVE-2023-22732 Insufficient Session Expiration in Administration in shopware
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The Administration session expiration was set to one week, when an attacker has stolen the session cookie they could use it for a long period of time. In version 6.4.18.1 an automatic logout into the Administratio...
CVE-2023-22732
Shopware administration session expiration was set to one week, enabling reuse of a stolen session cookie. The issue is documented across multiple sources (CVE-2023-22732) and is mitigated by updating to version 6.4.18.1, which adds automatic logout after inactivity. The vulnerability affects the...
Autolab path traversal vulnerability
Autolab is a course management service. Autolab supports automatic grading of programming assignments. A path traversal vulnerability exists in Autolab. An attacker could exploit this vulnerability to view the contents of a file...
PT-2023-18674 · Shopware · Shopware
Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.4.18.1 Description: The Administration session expiration was set to one week, allowing an attacker who has stolen the session cookie to use it for a long period. An automatic logout into the Administration sessio...
gnome-settings-daemon bug fix and enhancement update
An update is available for gnome-settings-daemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The gnome-settings-daemon packages contain a daemon to share...
Security Updates for Microsoft Office Products C2R (January 2023)
The Microsoft Office Products are missing a security update. It is, therefore, affected by multiple remote code execution vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...
DotDumper - An Automatic Unpacker And Logger For DotNet Framework Targeting Files
An automatic unpacker and logger for DotNet Framework targeting files! This tool has been unveiled at Black Hat USA 2022. The automatic detection and classification of any given file in a reliable manner is often considered the holy grail of malware analysis. The trials and tribulations to get...
CVE-2022-46594
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the updatefilename parameter in the autoupfw sub420A04 function...
Mozilla Firefox permission and access control issue vulnerability (CNVD-2023-05211)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. A permission and access control issue vulnerability exists in Mozilla Firefox, which stems from the way Firefox handles extension updates. An attacker could use the vulnerability to trick victims into...
TRENDnet TEW-755AP Buffer Error Vulnerability
The TRENDnet TEW-755AP is a router from TRENDnet. The TRENDnet TEW-755AP suffers from a stack overflow vulnerability that stems from a lack of size checking of input data in the updatefilename parameter of the autoupfw sub420A04 function, which can be exploited by an attacker to execute arbitrary...
openssl: the c_rehash script allows command injection
A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the c_rehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically...
openssl: c_rehash script allows command injection
A flaw was found in OpenSSL. The c_rehash script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileg...
Information Exposure Vulnerability in JP1/Automatic Operation
Overview: An information exposure vulnerability (CVE-2022-34881) exists in JP1/Automatic Operation. Impact: Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution: Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate...
CVE-2022-34881
Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before 12-60-01...