154 matches found
GHSA-C6MM-2G84-V4M7 Mage-ai missing user authentication
Impact You may be impacted if you're using Mage with user authentication enabled. The terminal could be accessed by users who are not signed in or do not have editor permissions. Patches The vulnerability has been resolved in Mage version 0.8.72...
PT-2023-23176 · Mage Ai · Mage Ai
Name of the Vulnerable Software and Affected Versions: mage-ai versions 0.8.34 through 0.8.71 Description: The issue affects mage-ai, an open-source data pipeline tool, when used with user authentication enabled. It allows the terminal to be accessed by users who are not signed in or do not have...
OpenMage Magento Lts 安全漏洞
OpenMage Magento Lts Magento is an e-commerce system organized by OpenMage. A security vulnerability exists in OpenMage LTS versions prior to 19.4.22, 20.0.19 and prior to 20.0.19, which stems from the inclusion of an infinite loop in the malicious code filter...
Fedora: Security Advisory for golang-github-magefile-mage (FEDORA-2022-ea8f4e232d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: golang-github-magefile-mage-1.11.0-6.fc36
A Make/rake-like dev tool using Go...
Fedora: Security Advisory for golang-github-magefile-mage (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
The Benefits of Including Static Data Masking in Your Security Arsenal
Static data masking SDM is defined as, “The act of permanently replacing sensitive data at rest with a realistic fictional equivalent for the purpose of protecting data from unwanted disclosure.” Industry analysts characterize SDM as a must-have data protection layer capable of protecting large...
Fedora: Security Advisory for golang-github-magefile-mage (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-28556
Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitation could lead to arbitrary JavaScript execution by an unauthenticated attacker. User interaction is...
PT-2021-3404 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.2 and earlier Magento versions 2.4.1-p1 and earlier Magento versions 2.3.6-p1 and earlier Description: The issue is related to a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitati...
Magento Marketplace Suffers Data Breach Exposing Users' Account Info
If you have ever registered an account with the official Magento marketplace to bought or sold any extension, plugin, or e-commerce website theme, you must change your password immediately. Adobe—the company owning Magento e-commerce platform—today disclosed a new data breach incident that expose...
Mage And Minions - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Mage And Minions published at the 'play' market has multiple vulnerabilities...
VulnCheck KEV: CVE-2015-1399
PHP remote file inclusion vulnerability in the fetchView function in the MageCoreBlockTemplateZend class in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors involving the...
allegrodos.txt
The description made it easy to create this one. Needed this to confirm if some 2.10-branded products were in fact patched and warranted replacing. Considering there was four years of warning and there are still tons of boxes with this problem, please, people, get your systems pen-tested...