218 matches found

OSSF Malicious Packages
added 2025/02/28 4:25 p.m. · 4 views

Malicious code in cmp-dossier-tracking (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ca47cddd0ff04336d55d7da2799d42183ab77e8b7270202739f7728e7904f712 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1
OSSF Malicious Packages
added 2025/02/28 4:25 p.m. · 3 views

Malicious code in cmp-ocr-liveness-acquisition (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 867eeaa4b91a53b10e36a59a627a3ea2e8164a4ec9b0d9f3829fb936f71330bf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1
OSV
added 2025/02/28 4:25 p.m. · 3 views

MAL-2025-1577 Malicious code in cmp-dossier-tracking (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ca47cddd0ff04336d55d7da2799d42183ab77e8b7270202739f7728e7904f712 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 5:57 p.m. · 6 views

CVE-2019-5099

An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this vulnerability...

CVSS 8.8 · AI score 7.1 · EPSS 0.02038
Exploits 1 · References 1
RedhatCVE
added 2025/02/05 3:11 p.m. · 16 views

CVE-2020-36730

The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmpgetpostdetail, niteoexportcsv, and cmpdisablecomingsoonajax functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export...

CVSS 9.3 · AI score 6.6 · EPSS 0.02269
Exploits 1 · References 1
OSV
added 2024/09/12 7:15 p.m. · 3 views

CVE-2024-36066

The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CMP includes password-based MAC as one of the options for message integrity and authentication the...

CVSS 3.1 · AI score 5.8 · EPSS 0.00164
Exploits 0 · References 2
NVD
added 2024/09/12 7:15 p.m. · 14 views

CVE-2024-36066

The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CMP includes password-based MAC as one of the options for message integrity and authentication the...

CVSS 3.1 · EPSS 0.00164
Exploits 0 · References 2
Vulnrichment
added 2024/09/12 12:00 a.m. · 10 views

CVE-2024-36066

The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CMP includes password-based MAC as one of the options for message integrity and authentication the...

AI score 7.3 · EPSS 0.00164
Exploits 0 · References 2
CVE
added 2024/09/12 12:00 a.m. · 67 views

CVE-2024-36066

The CVE-2024-36066 issue affects KeyFactor EJBCA’s CMP CLI client prior to version 8.3.1. The root cause is a salt length of 6 octets for the password-based MAC parameter, which does not meet RFC 4211 Section 4.4 requirements for a salt of at least 8 octets, potentially reducing resistance to dic...

CVSS 3.1 · AI score 7.3 · EPSS 0.00164
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2024/09/12 12:00 a.m. · 18 views

CVE-2024-36066

The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CMP includes password-based MAC as one of the options for message integrity and authentication the...

EPSS 0.00164
Exploits 0 · References 2
NVD
added 2024/03/28 7:15 a.m. · 9 views

CVE-2023-50374

Server-Side Request Forgery (SSRF) vulnerability in NiteoThemes CMP – Coming Soon & Maintenance. This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.10...

CVSS 5.5 · AI score 5.5 · EPSS 0.0035
Exploits 0 · References 1
CVE
added 2024/03/28 6:31 a.m. · 54 views

CVE-2023-50374

CVE-2023-50374 is a reported SSRF vulnerability in the WordPress plugin CMP – Coming Soon & Maintenance by NiteoThemes. The issue affects versions from an unspecified start (n/a) up to 4.1.10. The connected Red Hat advisory RH:CVE-2023-50374 mirrors the same description and confirms the SSRF impact...

CVSS 5.5 · AI score 8.6 · EPSS 0.0035
Exploits 0 · References 1
Cvelist
added 2024/03/28 6:31 a.m. · 17 views

CVE-2023-50374 WordPress CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin <= 4.1.10 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in NiteoThemes CMP – Coming Soon & Maintenance. This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.10...

CVSS 5.5 · AI score 5.8 · EPSS 0.0035
Exploits 0 · References 1
CNNVD
added 2024/03/28 12:00 a.m. · 2 views

WordPress Plugin CMP code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

CVSS 5.5 · AI score 8.1 · EPSS 0.0035
Exploits 0 · References 2
Patchstack
added 2024/03/27 12:00 a.m. · 6 views

WordPress CMP – Coming Soon & Maintenance Plugin <= 4.1.10 is vulnerable to Server Side Request Forgery (SSRF)

Software: CMP – Coming Soon & Maintenance · Type: Plugin · Vulnerable versions: <= 4.1.10 · Fixed in: 4.1.11 · OWASP Top 10: A10: Server-Side Request Forgery (SSRF) · Classification: Server Side Request Forgery (SSRF) · CVE: CVE-2023-50374 · Patch priority: Low · CVSS severity: Low (5.5) · Developer: Claim ownership · PSID...

CVSS 5.5 · AI score 6.6 · EPSS 0.0035
Exploits 0 · References 2 · Affected Software 1
OSV
added 2024/03/06 10:52 a.m. · 15 views

BIT-EJBCA-2021-40086

An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page that can only be viewed by an administrator. While hidden from direct view, checking the page source would...

CVSS 3.5 · AI score 3.7 · EPSS 0.00524
Exploits 0 · References 2
OSV
added 2024/03/06 10:52 a.m. · 22 views

BIT-EJBCA-2021-40087

An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log that can only be viewed by an administrator. This affects us...

CVSS 4 · AI score 3.7 · EPSS 0.00399
Exploits 0 · References 2
Tenable Nessus
added 2024/01/16 12:00 a.m. · 23 views

EulerOS Virtualization 3.0.6.6 : openssl098e (EulerOS-SA-2023-3409)

According to the versions of the openssl098e package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509...

CVSS 7.5 · AI score 6.7 · EPSS 0.77901
Exploits 0 · References 3
Tenable Nessus
added 2024/01/16 12:00 a.m. · 26 views

EulerOS 2.0 SP8 : openssl (EulerOS-SA-2023-3141)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Application...

CVSS 6.5 · AI score 6.6 · EPSS 0.77901
Exploits 0 · References 4
Positive Technologies
added 2023/11/14 12:00 a.m. · 2 views

PT-2023-9516 · Openlink +4 · Virtuoso-Opensource +4

Name of the Vulnerable Software and Affected Versions: openlink virtuoso-opensource version 7.2.11 Description: The issue is related to the incorrect implementation of the sequence of actions in the cha cmp component of the Virtuoso-opensource web application development platform. Exploitation of...

CVSS 8.8 · AI score 6.6 · EPSS 0.00905
Exploits 13 · References 66