102 matches found
CVE-2024-4611 AppPresser <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass
The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decryptvalue' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the sit...
CVE-2022-43770
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 do not correctly perform an authorization check in the dashboard editor plugin API...
Authorization
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 do not correctly perform an authorization check in the dashboard editor plugin API...
SUSE CVE-2011-2996
Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors...
SUSE CVE-2013-2912
Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepperinprocessrouter.cc in the Pepper Plug-in API (PPAPI) in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service or possibly have unspecified other impact vi...
CVE-2022-41255
Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
USN-5182-1 roundcube vulnerabilities
It was discovered that Roundcube Webmail allowed JavaScript code to be present in the CDATA of an HTML message. A remote attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM...
com.gerritforge:global-refdb (=3.2.3) potentially affected by CVE-2020-8920 via com.google.gerrit:gerrit-plugin-api (=3.2.3)
com.google.gerrit:gerrit-plugin-api MAVEN version =3.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on com.google.gerrit:gerrit-plugin-api and may be impacted: - com.gerritforge:global-refdb =3.2.3 Source cves: CVE-2020-8920 Source advisory:...
com.devonfw.tools:sonar-devon-plugin (=3.0.0), com.devonfw.tools:sonar-devon4j-plugin (=3.2.0) +124 more potentially affected by CVE-2018-19413 via org.sonarsource.sonarqube:sonar-plugin-api (>=5.2 <=7.4-alpha2)
org.sonarsource.sonarqube:sonar-plugin-api MAVEN version =5.2, =0.1.0, =2.0.0, =2.0.0, =1.0.0, =1.0.0, =3.7.0, =2.0.0, =3.0.0, =1.0, =1.0, =1.0, =1.7 and more Source cves: CVE-2018-19413 Source advisory: OSV:GHSA-M643-2PFV-XWM8...
GHSA-6V39-P2XQ-G5C3 Missing authentication in ShenYu
User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
Insecure Access Control
ShenYu has insecure access control. The vulnerability exists due to a lack of validation of user access via the /plugin API, allowing an attacker to access the system without authentication...
CVE-2022-23944
User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
Authentication flaw
User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
[SECURITY] Fedora 33 Update: nbdkit-1.24.6-1.fc33
NBD is a protocol for accessing block devices (hard disks and disk-like things) over the network. nbdkit is a toolkit for creating NBD servers. The key features are: Multithreaded NBD server written in C with good performance. Minimal dependencies for the basic server. Liberal license (BSD) allows...
[SECURITY] Fedora 34 Update: nbdkit-1.26.5-1.fc34
NBD is a protocol for accessing block devices (hard disks and disk-like things) over the network. nbdkit is a toolkit for creating NBD servers. The key features are: Multithreaded NBD server written in C with good performance. Minimal dependencies for the basic server. Liberal license (BSD) allows...
[SECURITY] Fedora 33 Update: tcmu-runner-1.5.2-7.fc33
A daemon that handles the complexity of the LIO kernel target's userspace passthrough interface (TCMU). It presents a C plugin API for extension modules that handle SCSI requests in ways not possible or suitable to be handled by LIO's in-kernel backstores...
DEBIAN-CVE-2020-16014
Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...
UBUNTU-CVE-2020-16014
Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc. (USA). A security vulnerability exists in versions prior to Google Chrome 87.0.4280.66, which originates from PPAPI...
com.erudika:para-jar (=1.31.0), com.erudika:para-server (=1.31.0) +82 more potentially affected by CVE-2020-5408 via org.springframework.security:spring-security-core (=5.1.0.RELEASE)
org.springframework.security:spring-security-core MAVEN version =5.1.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security:spring-security-core and may be impacted: - com.erudika:para-jar =1.31.0 - com.erudika:para-serv...