CVE-2024-52297
Tolgee (open-source localization platform) vulnerability CVE-2024-52297: in version 3.81.1, all configuration properties were exposed publicly via PublicConfigurationDTO to users. Root cause: Public exposure of configuration data. Impact: high potential disclosure risk stated in sources; fixed in...
CVE-2024-52297 Tolgee's configuration all configuration properties leaked in public configuration DTO
Tolgee is an open-source localization platform. Tolgee 3.81.1 included all configuration properties in the PublicConfigurationDTO, which is publicly exposed to users. This vulnerability is fixed in v3.81.2...
CVE-2024-49760
CVE-2024-49760 affects OpenRefine: in versions prior to 3.8.3 the load-language command does not verify the target directory, enabling a path traversal to read other JSON files on the file system. The issue is resolved in 3.8.3. Impact details and exploit information are stated in provided docume...
CVE-2024-49760 OpenRefine has a path traversal in LoadLanguageCommand
OpenRefine is a free, open source tool for working with messy data. The load-language command expects a lang parameter from which it constructs the path of the localization file to load, of the form translations-$LANG.json. But when doing so in versions prior to 3.8.3, it does not check that the...
MAL-2024-7971 Malicious code in localization-configuration (npm)
Source: ghsa-malware 825c642696ea5f30780f48b909d4ab3e393a8e64c037249e775b138a1d2ac838. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-7997 Malicious code in trips-pwa-localization (npm)
Source: ghsa-malware 2711cf5153838983e0237668dc1baaa1ad85959278de51e6e06702482099b582. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-39303 Weblate vulnerable to improper sanitization of project backups
Weblate is a web-based localization tool. Prior to version 5.6.2, Weblate did not correctly validate filenames when restoring a project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a...
CVE-2024-39303
CVE-2024-39303 affects Weblate, a web-based localization tool. The issue, present before Weblate 5.6.2, was improper validation of filenames when restoring project backups, which could allow unauthorized access to server files via a crafted ZIP file. The vulnerability is addressed in Weblate 5.6....
GHSA-772M-43F3-HMF8 TYPO3 Broken Access Control in Localization Handling
It has been discovered that backend users with limited access to specific languages are able to modify and create pages in the default language, which should be disallowed. A valid backend user account is needed in order to exploit this vulnerability...
GHSA-9RX9-7FMH-GJ3G TYPO3 Broken Access Control in Localization Handling
It has been discovered that backend users with limited access to specific languages are able to modify and create pages in the default language, which should be disallowed. A valid backend user account is needed in order to exploit this vulnerability...
Security Bulletin: Common Vulnerabilities in Cloudera Data Platform Private Cloud Base 7.1.9.
Summary: Common vulnerabilities reported in Cloudera Data Platform Private Cloud Base 7.1.9 have been addressed, and fixes are available in Hotfix 2. Vulnerability Details: CVEID: CVE-2015-1772. DESCRIPTION: Apache Hive could allow a remote attacker to bypass security restrictions, caused by an error in th...
CVE-2024-32466
Tolgee is an open-source localization platform. For the /v2/projects/translations and /v2/projects/projectId/translations endpoints, translation data was returned even when the API key was missing the translation.view scope. However, it was impossible to fetch the data when the user was missing this scope. S...
CVE-2024-32470
Tolgee is an open-source localization platform. When an API key created by an admin user is used, it bypasses the permission check entirely. This error was introduced in v3.57.2 and immediately fixed in v3.57.4...
CVE-2024-32470
Tolgee (open-source localization platform) contains a vulnerability in versions 3.57.2 through 3.57.3 where an API key created by a server/admin user can bypass permission checks. The issue enables elevated access without proper authorization, as admin-created API keys bypass the normal authoriza...
CVE-2024-32466 Tolgee's API key scopes not checked when querying translation data
Tolgee is an open-source localization platform. For the /v2/projects/translations and /v2/projects/projectId/translations endpoints, translation data was returned even when the API key was missing the translation.view scope. However, it was impossible to fetch the data when the user was missing this scope. S...