Lucene search
K

154 matches found

OSV
OSV
added 2023/05/05 11:10 p.m.50 views

GHSA-C6MM-2G84-V4M7 Mage-ai missing user authentication

Impact You may be impacted if you're using Mage with user authentication enabled. The terminal could be accessed by users who are not signed in or do not have editor permissions. Patches The vulnerability has been resolved in Mage version 0.8.72...

8.2CVSS7.5AI score0.00659EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/05/05 12:0 a.m.25 views

PT-2023-23176 · Mage Ai · Mage Ai

Name of the Vulnerable Software and Affected Versions: mage-ai versions 0.8.34 through 0.8.71 Description: The issue affects mage-ai, an open-source data pipeline tool, when used with user authentication enabled. It allows the terminal to be accessed by users who are not signed in or do not have...

9.8CVSS9.4AI score0.00659EPSS
Exploits0References10
CNNVD
CNNVD
added 2023/01/28 12:0 a.m.22 views

OpenMage Magento Lts 安全漏洞

OpenMage Magento Lts Magento is an e-commerce system organized by OpenMage. A security vulnerability exists in OpenMage LTS versions prior to 19.4.22, 20.0.19 and prior to 20.0.19, which stems from the inclusion of an infinite loop in the malicious code filter...

7.5CVSS7.3AI score0.00986EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2022/07/31 12:0 a.m.8 views

Fedora: Security Advisory for golang-github-magefile-mage (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2022/07/30 1:57 a.m.15 views

[SECURITY] Fedora 36 Update: golang-github-magefile-mage-1.11.0-6.fc36

A Make/rake-like dev tool using Go...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2022/07/18 12:0 a.m.14 views

Fedora: Security Advisory for golang-github-magefile-mage (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS8.9AI score0.05994EPSS
Exploits4References2
Imperva Blog
Imperva Blog
added 2022/07/07 1:36 p.m.15 views

The Benefits of Including Static Data Masking in Your Security Arsenal

Static data masking SDM is defined as, “The act of permanently replacing sensitive data at rest with a realistic fictional equivalent for the purpose of protecting data from unwanted disclosure.” Industry analysts characterize SDM as a must-have data protection layer capable of protecting large...

0.2AI score
Exploits0
OpenVAS
OpenVAS
added 2022/07/06 12:0 a.m.13 views

Fedora: Security Advisory for golang-github-magefile-mage (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS8.9AI score0.05994EPSS
Exploits4References2
ATTACKERKB
ATTACKERKB
added 2021/05/11 11:0 p.m.3 views

CVE-2021-28556

Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitation could lead to arbitrary JavaScript execution by an unauthenticated attacker. User interaction is...

6.9CVSS5.8AI score0.01397EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/05/11 12:0 a.m.5 views

PT-2021-3404 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.2 and earlier Magento versions 2.4.1-p1 and earlier Magento versions 2.3.6-p1 and earlier Description: The issue is related to a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitati...

6.9CVSS5.2AI score0.01397EPSS
Exploits0References10
The Hacker News
The Hacker News
added 2019/11/28 2:49 a.m.5 views

Magento Marketplace Suffers Data Breach Exposing Users' Account Info

If you have ever registered an account with the official Magento marketplace to bought or sold any extension, plugin, or e-commerce website theme, you must change your password immediately. Adobe—the company owning Magento e-commerce platform—today disclosed a new data breach incident that expose...

5.8AI score
Exploits0
hackapp
hackapp
added 2016/04/01 10:3 a.m.10 views

Mage And Minions - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Mage And Minions published at the 'play' market has multiple vulnerabilities...

0.5AI score
Exploits0References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2016/01/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2015-1399

PHP remote file inclusion vulnerability in the fetchView function in the MageCoreBlockTemplateZend class in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors involving the...

6.5CVSS6.1AI score0.10071EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2004/05/24 12:0 a.m.29 views

allegrodos.txt

The description made it easy to create this one. Needed this to confirm if some 2.10-branded products were in fact patched and warranted replacing. Considering there was four years of warning and there are still tons of boxes with this problem, please, people, get your systems pen-tested...

7.4AI score
Exploits0
Rows per page
Query Builder