4369 matches found
IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban
The plugin does not have authorisation and CSRF checks in the ip2locationcountryblockersaverules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing users from accessing the frontend. v2.26.5 added...
The vulnerability of the browser’s Background Fetch API programming interface in Google Chrome allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Google Chrome browser’s software interface is related to the disclosure of information in the erroneous data area. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2021:1632-1 Rating: important References: 1192310 1192734 1193519 1193713 Cross-References: CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012...
GSD-2021-1002729 bpf: Fix kernel address leakage in atomic fetch
bpf: Fix kernel address leakage in atomic fetch This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.11 by commit...
DEBIAN-CVE-2021-3621
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...
DEBIAN-CVE-2021-38016
Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
CVE-2021-38016
Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
UBUNTU-CVE-2021-38016
Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
CVE-2021-38016
CVE-2021-38016 stems from insufficient policy enforcement in Chromium’s background fetch component, allowing a remote attacker to bypass the same-origin policy via a crafted HTML page. The CVE affects Chromium-based browsers before version 96.0.4664.45 (notably Chrome/Chromium builds referenced i...
CVE-2021-38016
Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
Event Calendar < 1.1.51 - Subscriber+ Event Creation
The plugin does not have proper authorisation and CSRF checks in the addcalendarevent AJAX actions, allowing users with a role as low as subscriber to create events Adding calendar events: fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...
Bazaar Web PHP Social Listings Shell Upload Vulnerability
-- Exploit Title: Bazaar Web PHP Social Listings Arbitrary File Upload Exploit Author: Sohel Yousef - email protected Software Link: https://codecanyon.net/item/bazaar-social-listing-shopping-web-php-template/23207913 Software Demo :https://xserver.app/apps/bazaar-web/index.php Category: webapps ...
cxf: OAuth 2 authorization service vulnerable to DDos attacks
CXF supports via JwtRequestCodeFilter passing OAuth 2 parameters via a JWT token as opposed to query parameters see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request JAR. Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from...
Remote Code Execution (RCE)
moodle/moodle is vulnerable to remote code execution. The vulnerability exists due to an insecure direct object reference, allowing an attacker to fetch other users' calendar action events...
Chromium: CVE-2021-38016 Insufficient policy enforcement in background fetch
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 25 security fixes, including: 1263620 High CVE-2021-38008: Use after free in media. Reported by Marcin Towalski of Cisco Talos on 2021-10-26 1260649 High CVE-2021-38009: Inappropriate implementation in cache. Reported by Luan Herrera @lbherrera on...
Huawei EulerOS: Security Advisory for sssd (EulerOS-SA-2021-2675)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PDF2JSON buffer overflow vulnerability
PDF2JSON is a Java-based code library that interacts PDF files with Json files. PDF2JSON has a buffer overflow vulnerability hole, which stems from a stack buffer overflow found in the component XRef::fetch. No detailed vulnerability details are currently available...
Mozilla Firefox Security Advisory (MFSA2015-115) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Mozilla Firefox Security Advisory (MFSA2015-110) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...