8281 matches found

ATTACKERKB
added 2021/08/16 10:15 p.m., 1 view

CVE-2021-37709

Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding securit...

CVSS: 6.5, AI score: 5.5, EPSS: 0.00774
Exploits: 0, References: 3, Affected Software: 1

vulnersOsv
added 2021/08/16 8:15 a.m., 3 views

acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.9.5.1rc1 <=1.3.1.post1) +118 more potentially affected by CVE-2021-35936 via apache-airflow (>=1.8.2 <=2.1.1)

apache-airflow PYPI version =1.8.2, =0.9.5.1rc1, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.10.2, =0.11.0 - airflow-ditto =0.0.1.2 and more Source cves: CVE-2021-35936 Source advisory: OSV:PYSEC-2021-122...

CVSS: 5.3, AI score: 6.3, EPSS: 0.04022
Exploits: 0

WPVulnDB
added 2021/08/16 12:0 a.m., 14 views

Multiple Plugins - CSRF Bypass

Multiple plugins are affected by CSRF issues due to a logic flaw in their CSRF checks, which could allow attackers to make users perform unwanted actions. rucy = 0.4.4, wp-backgrounds-lite = 2.3, wp-security-questions = 1.0.5, event-espresso-decaf = 4.10.11.decaf, photo-contest = 1.0.6, opal-estate =...

AI score: 4.6
Exploits: 0, References: 1, Affected Software: 9

Kitploit
added 2021/08/15 9:30 p.m., 75 views

Raider - Web Authentication Testing Framework

This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burpsuite allow authenticated tests, they don't provide features to test the authentication process itself, i.e. manipulating the relevant input fields to identify broken authentication...

AI score: 7.7
Exploits: 0, References: 1

Veracode
added 2021/08/13 6:3 p.m., 28 views

Cross-site Scripting (XSS)

jenkins-2-plugins is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability...

CVSS: 6.1, AI score: 1.6, EPSS: 0.11308
Exploits: 0, References: 4, Affected Software: 1

OpenVAS
added 2021/08/13 12:0 a.m., 15 views

Fedora: Security Advisory for containernetworking-plugins (FEDORA-2021-07e4d20196)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 6.5, AI score: 7, EPSS: 0.07032
Exploits: 1, References: 2

OpenVAS
added 2021/08/13 12:0 a.m., 14 views

Fedora: Security Advisory for containernetworking-plugins (FEDORA-2021-54f88bebd4)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 6.5, AI score: 7, EPSS: 0.07032
Exploits: 1, References: 2

Cvelist
added 2021/08/12 4:25 p.m., 57 views

CVE-2021-32808 Cross-site scripting in ckeditor via abuse of undo functionality

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing...

CVSS: 7.6, AI score: 6.8, EPSS: 0.01192
Exploits: 0, References: 7

RedhatCVE
added 2021/08/12 1:22 p.m., 76 views

CVE-2020-24742

Qt5 versions up to qt 5.12.7, qt 5.14.1, qt 5.15.0 allow plugins to be loaded from the current working directory; this can lead to compromised plugins being loaded, leading to possible arbitrary code execution...

CVSS: 7.8, AI score: 5.4, EPSS: 0.01167
Exploits: 0, References: 3

RedhatCVE
added 2021/08/12 1:20 p.m., 47 views

CVE-2020-24741

Qt5 versions up to qt 5.12.7, qt 5.14.1, qt 5.15.0 allow plugins to be loaded from the current working directory; this can lead to compromised plugins being loaded, leading to possible arbitrary code execution...

AI score: 5.4
Exploits: 0, References: 3

OSV
added 2021/08/11 11:15 p.m., 10 views

CVE-2021-37697

tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific membership event message. Issue is patched in commit d63c49b4cfc30c795336e4fff08cba3795e0fcc0. As a...

CVSS: 6.5, AI score: 6.5
Exploits: 0, References: 2

CVE
added 2021/08/11 11:0 p.m., 57 views

CVE-2021-37697

The CVE-2021-37697 issue affects tmerc-cogs, a set of open-source plugins for the Red Discord bot. A vulnerability in the Welcome cog allows any user to access sensitive information by crafting a specific membership event message. Remediation per the disclosures is to apply the patch from commit ...

CVSS: 7.1, AI score: 6.5, EPSS: 0.00711
Exploits: 0, References: 2, Affected Software: 1

Fedora
added 2021/08/11 1:20 a.m., 31 views

[SECURITY] Fedora 34 Update: containernetworking-plugins-1.0.0-0.3.rc1.fc34

The CNI (Container Network Interface) project consists of a specification and libraries for writing plugins to configure network interfaces in Linux containers, along with a number of supported plugins. CNI concerns itself only with network connectivity of containers and removing allocated resource...

CVSS: 6.5, AI score: 7.4, EPSS: 0.07032
Exploits: 1

Fedora
added 2021/08/11 1:7 a.m., 30 views

[SECURITY] Fedora 33 Update: containernetworking-plugins-1.0.0-0.3.rc1.fc33

The CNI (Container Network Interface) project consists of a specification and libraries for writing plugins to configure network interfaces in Linux containers, along with a number of supported plugins. CNI concerns itself only with network connectivity of containers and removing allocated resource...

CVSS: 6.5, AI score: 7.4, EPSS: 0.07032
Exploits: 1

UbuntuCve
added 2021/08/10 5:15 p.m., 30 views

CVE-2021-32768

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00727
Exploits: 0, References: 3

Prion
added 2021/08/10 5:15 p.m., 19 views

Cross site scripting

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...

CVSS: 4.3, AI score: 6.1, EPSS: 0.00727
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2021/08/10 4:30 p.m., 30 views

CVE-2021-32768 Cross-Site Scripting via Rich-Text Content

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...

CVSS: 6.1, AI score: 6.4, EPSS: 0.00727
Exploits: 0, References: 2

Rockylinux
added 2021/08/10 12:0 p.m., 11 views

container-tools:rhel8 security, bug fix, and enhancement update

An update is available for fuse-overlayfs, container-selinux, udica, runc, toolbox, podman, conmon, skopeo, crun, libslirp, oci-seccomp-bpf-hook, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS)...

AI score: 0.9
Exploits: 0

Positive Technologies
added 2021/08/10 12:0 a.m., 2 views

PT-2021-4174 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 7.6.53 ELTS; TYPO3 versions prior to 8.7.42 ELTS; TYPO3 versions prior to 9.5.29; TYPO3 versions prior to 10.4.19; TYPO3 versions prior to 11.3.2. Description: The content rendering process in the website frontend is...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00727
Exploits: 0, References: 13

SonarSource Blog
added 2021/08/10 12:0 a.m., 27 views

Use 3rd-party plugins at your own risk

SonarQube has always had a rich plugin Marketplace, with much of SonarQube's functionality originally delivered as plugins and many additional needs being met by community-maintained plugins. But since October 2019, all SonarSource-provided functionality is bundled with SonarQube. That means any...

AI score: 7.2
Exploits: 0