
8301 matches found

Positive Technologies
added 2022/12/07 12:0 a.m. · 3 views

PT-2022-26977 · Ibm · Ibm Content Navigator

Name of the Vulnerable Software and Affected Versions: IBM Content Navigator versions 3.0.0 through 3.0.12 Description: The issue is related to missing authorization, which could allow an authenticated user to load external plugins and execute code. Recommendations: For IBM Content Navigator...

CVSS 8.8 · AI score 8.4 · EPSS 0.00685
Exploits 0 · References 4

CNNVD
added 2022/12/07 12:0 a.m. · 3 views

IBM Content Navigator Buffer Error Vulnerability

IBM Content Navigator is a Web client from International Business Machines IBM. The product supports searching and processing documents stored in content servers from a Web browser. A security vulnerability exists in IBM Content Navigator, which originates from its susceptibility to loss of...

CVSS 8.8 · AI score 8 · EPSS 0.00685
Exploits 0 · References 3

wpexploit
added 2022/12/06 12:0 a.m. · 644 views

Build App Online < 1.0.19 - Unauthenticated SQL Injection

The plugin does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. Additional plugins required: https://wordpress.org/plugins/wc-multivendor-marketplace/...

AI score 0.6 · EPSS 0.01037
Exploits 2

NVD
added 2022/12/05 5:15 p.m. · 31 views

CVE-2022-3677

The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks...

CVSS 6.5 · EPSS 0.00356
Exploits 2 · References 1

Cvelist
added 2022/12/05 4:50 p.m. · 35 views

CVE-2022-3677 Advanced Import < 1.3.8 - Arbitrary Plugin Installation & Activation via CSRF

The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks...

AI score 6.7 · EPSS 0.00356
Exploits 2 · References 1

NVD
added 2022/11/30 1:15 p.m. · 19 views

CVE-2022-24441

The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the applicatio...

CVSS 8.8 · EPSS 0.00718
Exploits 1 · References 7

OSV
added 2022/11/30 1:15 p.m. · 29 views

CVE-2022-24441

The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the applicatio...

CVSS 8.8 · AI score 7.8
Exploits 0 · References 7

Prion
added 2022/11/30 1:15 p.m. · 23 views

Code injection

The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the applicatio...

CVSS 6.8 · AI score 7.1 · EPSS 0.00718
Exploits 2 · References 7 · Affected Software 3

CNNVD
added 2022/11/30 12:0 a.m. · 3 views

Snyk CLI OS Command Injection Vulnerability

Snyk CLI is a build-time tool from Snyk USA for finding and fixing known vulnerabilities in your project. Snyk CLI before 1.1064.0, snyk-mvn-plugin before 2.31.3, snyk-gradle-plugin before 3.24.5, snyk-cocoapods-plugin before 2.5.3, snyk-sbt-plugin before 2.16.2 versions, snyk-python-plugin befor...

CVSS 6.3 · AI score 7.4 · EPSS 0.03007
Exploits 1 · References 19

Vulnrichment
added 2022/11/30 12:0 a.m. · 6 views

CVE-2022-24441 Code Injection

The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the applicatio...

CVSS 5.8 · AI score 8.9 · EPSS 0.00718
Exploits 1 · References 7

Cvelist
added 2022/11/30 12:0 a.m. · 25 views

CVE-2022-24441 Code Injection

The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the applicatio...

CVSS 5.8 · AI score 7.4 · EPSS 0.00718
Exploits 1 · References 7

OSV
added 2022/11/23 9:30 a.m. · 26 views

GHSA-WQG7-MX6P-2RW3 Command injection in Apache DolphinScheduler Alert Plugins

Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher...

CVSS 9.8 · AI score 9.8 · EPSS 0.02773
Exploits 0 · References 6

Github Security Blog
added 2022/11/23 9:30 a.m. · 23 views

Command injection in Apache DolphinScheduler Alert Plugins

Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher...

CVSS 9.8 · AI score 9.4 · EPSS 0.02773
Exploits 0 · References 6 · Affected Software 1

vulnersOsv
added 2022/11/22 12:30 p.m. · 4 views

acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.8.44.4 <=1.3.1.post1) +128 more potentially affected by CVE-2022-40189 via apache-airflow (>=1.8.2 <=2.2.5)

apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.2.0, =0.11.0 and more Source cves: CVE-2022-40189 Source advisory: OSV:GHSA-RMF2-PWFQ-H75J...

CVSS 9.8 · AI score 7.7 · EPSS 0.03944
Exploits 0

Tenable Nessus
added 2022/11/22 12:0 a.m. · 18 views

SUSE SLES15 Security Update : cni-plugins (SUSE-SU-2022:4151-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4151-1 advisory. - A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers i...

CVSS 7.2 · AI score 6.4 · EPSS 0.02408
Exploits 1 · References 7

OpenVAS
added 2022/11/22 12:0 a.m. · 16 views

SUSE: Security Advisory (SUSE-SU-2022:4151-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.2 · AI score 6.8 · EPSS 0.02408
Exploits 1 · References 2

OSV
added 2022/11/21 12:21 p.m. · 7 views

SUSE-SU-2022:4151-1 Security update for cni-plugins

This update for cni-plugins fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration bsc1181961...

CVSS 7.2 · AI score 6.8 · EPSS 0.02408
Exploits 1 · References 5

OSV
added 2022/11/18 11:15 p.m. · 1 views

CVE-2022-41685

Multiple Cross-Site Request Forgery CSRF vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin = 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin = 1.9.0.2 on WordPress...

CVSS 8.8 · AI score 5.8 · EPSS 0.004
Exploits 1 · References 4

NVD
added 2022/11/18 11:15 p.m. · 17 views

CVE-2022-41685

Multiple Cross-Site Request Forgery CSRF vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin = 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin = 1.9.0.2 on WordPress...

CVSS 8.8 · EPSS 0.004
Exploits 1 · References 4

Tenable Nessus
added 2022/11/17 12:0 a.m. · 14 views

Rocky Linux 8 : gstreamer1-plugins-good (RLSA-2022:7618)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7618 advisory. - GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. CVE-2021-3497 Note that Nessus ha...

CVSS 7.8 · AI score 7.6 · EPSS 0.01219
Exploits 0 · References 3