
8314 matches found

CVE
added 2024/07/30 12:0 a.m. · 61 views

CVE-2024-41305

WonderCMS v3.4.3 contains a Server-Side Request Forgery (SSRF) in the Plugins Page disclosed across multiple sources. The vulnerability arises from unvalidated input in the pluginThemeUrl parameter, enabling an attacker to coerce the application into making arbitrary outgoing requests. Impact det...

7.1 CVSS · 7.4 AI score · 0.00175 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2024/07/30 12:0 a.m. · 3 views

WonderCMS Security Vulnerability

WonderCMS is a PHP-based open source content management system (CMS) from WonderCMS. A server-side request forgery vulnerability exists in WonderCMS version 3.4.3, which stems from a failure to properly validate user input in the Plugins Page, and can be exploited by an attacker to force the...

7.1 CVSS · 6.8 AI score · 0.00175 EPSS
Exploits: 1 · References: 2

Cvelist
added 2024/07/30 12:0 a.m. · 24 views

CVE-2024-41305

A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...

0.00175 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2024/07/30 12:0 a.m. · 5 views

PT-2024-29352 · Wondercms · Wondercms

Name of the Vulnerable Software and Affected Versions: WonderCMS version 3.4.3
Description: A Server-Side Request Forgery (SSRF) issue in the Plugins Page allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...

7.1 CVSS · 7.4 AI score · 0.00175 EPSS
Exploits: 1 · References: 6

Wordfence Blog
added 2024/07/29 3:0 p.m. · 16 views

The Aftermath of the WordPress.org Supply Chain Attack: New Malware and Techniques Emerge

On Monday June 24th, 2024 the Wordfence Threat Intelligence team was made aware of the presence of malware in the Social Warfare repository plugin. After adding the malicious code to our Threat Intelligence Database and examining it, we discovered additional affected plugins and continued...

6.9 AI score
Exploits: 0

Veracode
added 2024/07/29 6:52 a.m. · 27 views

Improper Authentication

github.com/moby/moby is vulnerable to Improper Authentication. The vulnerability is due to the Docker Engine handling of specially-crafted API requests, which causes authorization plugins to receive requests or responses without the body. Attackers can use this flaw to bypass AuthZ plugins and...

9.9 CVSS · 9.5 AI score · 0.16496 EPSS
Exploits: 0 · References: 14 · Affected Software: 4

SUSE CVE
added 2024/07/26 3:11 a.m. · 4 views

SUSE CVE-2024-41110

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being...

9.9 CVSS · 8.5 AI score · 0.16496 EPSS
Exploits: 0 · References: 26

RedhatCVE
added 2024/07/25 4:3 p.m. · 81 views

CVE-2024-41110

A vulnerability was found in Authorization plugins in Docker Engine AuthZ. Using a specially-crafted API request, an Engine API client could make the daemon forward a request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a...

9.9 CVSS · 9.2 AI score · 0.16496 EPSS
Exploits: 0 · References: 15

The Hacker News
added 2024/07/25 5:47 a.m. · 152 views

Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins

Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances. Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating...

9.9 CVSS · 7.3 AI score · 0.16496 EPSS
Exploits: 0

Tenable Nessus
added 2024/07/25 12:0 a.m. · 9 views

AlmaLinux 9 : containernetworking-plugins (ALSA-2024:4761)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:4761 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 Tenable has extracted the preceding description block directly from...

7.5 CVSS · 8.2 AI score · 0.01533 EPSS
Exploits: 0 · References: 2

OSV
added 2024/07/24 5:15 p.m. · 4 views

DEBIAN-CVE-2024-41110

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being...

9.9 CVSS · 6.7 AI score · 0.16496 EPSS
Exploits: 0 · References: 1

OSV
added 2024/07/24 5:15 p.m. · 0 views

UBUNTU-CVE-2024-41110

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being...

9.9 CVSS · 6.6 AI score · 0.16496 EPSS
Exploits: 0 · References: 7

Cvelist
added 2024/07/24 4:49 p.m. · 120 views

CVE-2024-41110 Moby authz zero length regression

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being...

9.9 CVSS · 0.16496 EPSS
Exploits: 0 · References: 12

Debian CVE
added 2024/07/24 4:49 p.m. · 36 views

CVE-2024-41110

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being...

9.9 CVSS · 6.7 AI score · 0.16496 EPSS
Exploits: 0

OSV
added 2024/07/24 4:49 p.m. · 42 views

CVE-2024-41110 Moby authz zero length regression

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being...

9.9 CVSS · 6.5 AI score · 0.16496 EPSS
Exploits: 0 · References: 16

AlpineLinux
added 2024/07/24 4:49 p.m. · 36 views

CVE-2024-41110

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being...

9.9 CVSS · 9.5 AI score · 0.16496 EPSS
Exploits: 0

CVE
added 2024/07/24 4:49 p.m. · 846 views

CVE-2024-41110

CVE-2024-41110 affects Docker Engine/AuthZ: an Engine API request could be forwarded to an authorization plugin without the body, potentially allowing actions the plugin would deny if the body were present, enabling privilege escalation under certain conditions. The issue was fixed in Docker Engi...

9.9 CVSS · 9.4 AI score · 0.16496 EPSS
Exploits: 0 · References: 14

Vulnrichment
added 2024/07/24 4:49 p.m. · 39 views

CVE-2024-41110 Moby authz zero length regression

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being...

9.9 CVSS · 9.4 AI score · 0.16496 EPSS
Exploits: 0 · References: 12

Oracle Linux
added 2024/07/24 12:0 a.m. · 22 views

containernetworking-plugins security update

1:1.4.0-4 - rebuild for CVE-2024-1394 - Resolves: RHEL-40809...

7.5 CVSS · 7.8 AI score · 0.01533 EPSS
Exploits: 0

Tenable Nessus
added 2024/07/24 12:0 a.m. · 12 views

Oracle Linux 9 : containernetworking-plugins (ELSA-2024-4761)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-4761 advisory. - rebuild for CVE-2024-1394 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

7.5 CVSS · 8.1 AI score · 0.01533 EPSS
Exploits: 0 · References: 2