PT-2022-25776 · Sap · Sap Basis
Name of the Vulnerable Software and Affected Versions: SAP BASIS versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791 Description: The issue allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provid...
CVE-2022-3946
The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods...
Cross site request forgery (csrf)
The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods...
CVE-2022-3946 Welcart e-Commerce < 2.8.4 - Subscriber+ Arbitrary Shipping Method Creation/Update/Deletion
The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods...
usbguard: Fix unauthorized access via D-Bus
A flaw was found in usbguard. The vulnerability occurs due to the absence of a default access control list (ACL) on some D-Bus methods and leads to unauthorized access. This flaw allows an attacker to access and escape policy configuration...
Fedora: Security Advisory for librime (FEDORA-2022-18023b665f)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security Bulletin: Security bypass vulnerability in IBM Java SDK affects IBM Security Guardium (CVE-2021-41041)
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Security Guardium. This issue was disclosed as part of the IBM Java SDK updates in April 2022 and includes the Oracle® April 2022 CPU. Vulnerability Details CVEID:CVE-2021-41041 DESCRIPTION: Eclipse Openj...
Updated dropbear packages fix security vulnerability
Updated dropbear package fixes a security vulnerability in dbclient. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measure...
CVE-2022-38115
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT...
Design/Logic Flaw
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT...
CVE-2022-38115 Insecure Methods Vulnerability
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT...
CVE-2022-38115
CVE-2022-38115 concerns SolarWinds Security Event Manager (SEM) and is described as an insecure-method vulnerability where HTTP methods (e.g., OPTIONS, DELETE, TRACE, PUT) are disclosed. Connected sources indicate SEM versions 2022.2 and prior are affected. The CVSSv3.1 base score is 5.3 (Medium)...
SolarWinds Security Event Manager Security Vulnerability
SolarWinds Security Event Manager (SolarWinds SEM) is a tool from the American company SolarWinds, Inc. for forensics and troubleshooting, as well as for managing log data. A security vulnerability exists in SolarWinds Security Event Manager 2022.2 and prior versions that stems from disclosing HTTP methods...
PT-2022-24209 · Solarwinds · Solarwinds Sem +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns an insecure method vulnerability where allowed HTTP methods are disclosed, including OPTIONS, DELETE, TRACE, and PUT. Recommendations: At the moment, there is no...
hsqldb: Untrusted input may lead to RCE attack
A flaw was found in the HSQLDB package. This flaw allows untrusted input to execute remote code because, by default, any static method of any Java class in the classpath can be called, resulting in code execution...
ZTE ZXHN-H108NS Authentication Bypass Vulnerability
ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7uZRDGR2A68 suffers from an authentication bypass vulnerability when alternate HTTP methods are leveraged. Exploit Title: Router ZTE-H108NS - Authentication Bypass Exploit Author: George Tsimpidas Vendor: https://www.zte.com.cn/global/...
Security update for tumbler (moderate)
openSUSE Security Update: Security update for tumbler Announcement ID: openSUSE-SU-2022:10207-1 Rating: moderate References: 1203644 1205210 Affected Products: openSUSE Backports SLE-15-SP4 An update that contains security fixes can now be installed. Description: This update for tumbler fixes the...