K000139618: MySQL vulnerabilities CVE-2024-21054, CVE-2024-21009, CVE-2024-20993, and CVE-2024-21102
Security Advisory Description: CVE-2024-21054: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access...
Vulnerability in the Server: Optimizer component of the Oracle MySQL Server database management system that allows an attacker to cause a service failure.
The vulnerability in the optimizer of the Oracle MySQL Server database management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions using the MySQL protocol...
CVE-2024-4445
The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-6812
The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.20.01. This is due to insufficient validation of the redirect URL supplied via the 'css' parameter. This makes it possible for unauthenticated attackers to...
CVE-2024-4445 WP Compress – Image Optimizer [All-In-One] <= 6.20.01 - Missing Authorization
The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-6812
CVE-2023-6812 affects WP Compress – Image Optimizer (All-In-One) for WordPress. The vulnerability is an Open Redirect in all versions up to and including 6.20.01, caused by insufficient validation of the redirect URL supplied via the css parameter. This can allow unauthenticated attackers to tric...
WordPress WP Compress – Image Optimizer [All-In-One] Plugin <= 6.20.01 is vulnerable to Broken Access Control
Software: WP Compress – Image Optimizer All-In-One; Type: Plugin; Vulnerable versions: <= 6.20.01; Fixed in: 6.20.02; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-4445; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: fbb504f543bf...
WordPress WP Compress – Image Optimizer [All-In-One] Plugin <= 6.20.01 is vulnerable to Open Redirection
Software: WP Compress – Image Optimizer All-In-One; Type: Plugin; Vulnerable versions: <= 6.20.01; Fixed in: 6.20.02; OWASP Top 10: A1: Injection; Classification: Open Redirection; CVE: CVE-2023-6812; Patch priority: Low; CVSS severity: Low 4.7; PSID: c5a855fed8b3; Credits: Krzysztof Zając...
PT-2024-15096 · WordPress · Wp Compress – Image Optimizer
Name of the Vulnerable Software and Affected Versions: WP Compress – Image Optimizer versions up to, and including, 6.20.01. Description: The issue is related to insufficient validation on the redirect URL supplied via the css parameter, allowing unauthenticated attackers to redirect users to...
PT-2024-31156 · WordPress · Wp Compress – Image Optimizer [All-In-One]
Name of the Vulnerable Software and Affected Versions: WP Compress – Image Optimizer All-In-One versions up to, and including, 6.20.01. Description: The issue allows authenticated attackers with subscriber-level permissions and above to modify data, including editing plugin settings and storing...
WP Compress – Image Optimizer [All-In-One] < 6.20.02 - Missing Authorization
Description: The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with...
WP Compress – Image Optimizer [All-In-One] < 6.20.02 - Open Redirect via css
Description: The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.20.01. This is due to insufficient validation of the redirect URL supplied via the 'css' parameter. This makes it possible for unauthenticated...
EWWW Image Optimizer < 7.3.0 - Cross-Site Request Forgery
Description: The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.3. This is due to missing or incorrect nonce validation on the checkforoptin and checkforoptout functions. This makes it possible for unauthenticated...
Deserialization Of Untrusted Data
spatie/image-optimizer is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to a lack of protocol checks on the file path before it is passed to the file_exists function. This allows attackers to use the phar:// protocol to deserialize a malicious script, which results in Remote Code...
image-optimizer allows PHAR deserialization
image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists...
GHSA-6PJM-HMVF-H4RR image-optimizer allows PHAR deserialization
image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists...
CVE-2024-34515
image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists...