419 matches found
buildah: full container escape at build time
A flaw was found in Buildah and subsequently Podman Build which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation ...
CVE-2024-32599
Improper Control of Generation of Code 'Code Injection' vulnerability in Deepak anand WP Dummy Content Generator wp-dummy-content-generator.This issue affects WP Dummy Content Generator: from n/a through = 3.2.1...
CVE-2024-32599
CVE-2024-32599 is an unauthenticated code injection vulnerability in the WordPress plugin WP Dummy Content Generator up to version 3.2.1. The issue is described as an Improper Control of Generation of Code, enabling arbitrary code execution. The CVSS scope is CHANGED with a base score of 10.0, ve...
CVE-2024-32599 WordPress WP Dummy Content Generator plugin <= 3.2.1 - Arbitrary Code Execution vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Deepak anand WP Dummy Content Generator wp-dummy-content-generator.This issue affects WP Dummy Content Generator: from n/a through = 3.2.1...
WordPress Plugin WP Dummy Content Generator 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exists in...
PT-2024-24721 · Deepak Anand · Wp Dummy Content Generator
Name of the Vulnerable Software and Affected Versions: WP Dummy Content Generator versions 3.2.1 and earlier Description: The issue is related to an Improper Control of Generation of Code 'Code Injection' vulnerability in Deepak anand WP Dummy Content Generator. Recommendations: For WP Dummy...
WordPress WP Dummy Content Generator plugin <= 3.2.1 - Arbitrary Code Execution vulnerability
Arbitrary Code Execution vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin WP Dummy Content Generator versions = 3.2.1...
WordPress WP Dummy Content Generator Plugin <= 3.2.1 is vulnerable to Arbitrary Code Execution
Software WP Dummy Content Generator Type Plugin Vulnerable versions = 3.2.1 Fixed in 3.3.0 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Arbitrary Code Execution CVE CVE-2024-32599 Patch priority Low CVSS severity Low 10 Developer Deepak Anand PSID 517305868c49 Credits...
PT-2024-21455 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the x86/efistub in the Linux kernel, where the .compat section, a dummy PE section containing the address of the 32-bit entrypoint of the 64-bit kernel image, i...
Container Escape
github.com/containers/buildah is vulnerable to container escape. The vulnerability is due to improper Containerfile validation which allows a dummy image with a symbolic link to the host's root filesystem as a mount source. This flaw enabling the mount operation to incorporate the host root...
CVE-2024-24805
Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 3.1.2...
CVE-2024-24805 WordPress WP Dummy Content Generator plugin <= 3.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 3.1.2...
CVE-2024-24805
CVE-2024-24805 : WordPress plugin WP Dummy Content Generator has a Broken Access Control/Missing Authorization vulnerability affecting versions ≤ 3.1.2. The issue allows unauthorized operations due to insufficient capability checks in wp_dummy_content_generatorDeletePosts() and wp_dummy_content_g...
CVE-2024-24805 WordPress WP Dummy Content Generator plugin <= 3.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 3.1.2...
WordPress Plugin WP Dummy Content Generator 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
UBUNTU-CVE-2024-1753
A flaw was found in Buildah and subsequently Podman Build which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation ...
WP Dummy Content Generator < 3.1.3 - Missing Authorization
Description The WP Dummy Content Generator plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability check son the wpdummycontentgeneratorDeletePosts and wpdummycontentgeneratorAjaxGenPosts functions in versions up to, and including, 3.1.2. This makes it...
WordPress WP Dummy Content Generator Plugin <= 3.1.2 is vulnerable to Broken Access Control
Software WP Dummy Content Generator Type Plugin Vulnerable versions = 3.1.2 Fixed in 3.1.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-24805 Patch priority Low CVSS severity Low 4.3 Developer Deepak Anand PSID cb426eb88b79 Credits Huynh Tien Si Require...
Improper Certificate Validation
jruby-openssl is vulnerable to Improper Certificate Validation. The vulnerability is due to incorrect hashing of certificate names in X509Name.java and insufficient checking of certificate path lengths in StoreContext.java. This allows an attacker to trick the client application into believing th...
CVE-2023-37392
Cross-Site Request Forgery CSRF vulnerability in Deepak Anand WP Dummy Content Generator plugin = 2.3.0 versions...