8278 matches found

vulnersOsv
added 2021/05/24 10:18 p.m. | 3 views

apiconnect (>=1.0.1 <=4.0.29), apiconnect-cli-test-support (=3.0.0) +3 more potentially affected by CVE-2020-7633 via apiconnect-cli-plugins (>=1.1.1 <=5.0.1)

apiconnect-cli-plugins NPM version =1.1.1, =1.0.1, =1.1.6, =2.8.29, =1.0.5, =2.2.11 Source cves: CVE-2020-7633 Source advisory: OSV:GHSA-C9M9-48PW-6MPV...

CVSS 9.8 | AI score 7.2 | EPSS 0.04358
Exploits: 1
Github Security Blog
added 2021/05/24 10:18 p.m. | 18 views

apiconnect-cli-plugins vulnerable to OS Command Injection

apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the pluginUri argument. PoC (js): var root = require("apiconnect-cli-plugins"); var payload = "& touch Song &"; root.pluginLoader.installPlugin(payload, ""); The injection point is...

CVSS 9.8 | AI score 7.7 | EPSS 0.04358
Exploits: 1 | References: 4 | Affected Software: 1
GitLab Advisory Database
added 2021/05/24 12:0 a.m. | 28 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to helm --help. This issu...

CVSS 4 | AI score 1.6 | EPSS 0.00962
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2021/05/21 6:15 p.m. | 16 views

CVE-2020-23765

A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server...

CVSS 7.2 | AI score 7
Exploits: 0 | References: 1
NVD
added 2021/05/21 6:15 p.m. | 23 views

CVE-2020-23765

A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server...

CVSS 7.2 | EPSS 0.01102
Exploits: 1 | References: 1
Cvelist
added 2021/05/21 5:11 p.m. | 22 views

CVE-2020-23765

A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server...

AI score 7.1 | EPSS 0.01102
Exploits: 1 | References: 1
CNVD
added 2021/05/20 12:0 a.m. | 5 views

WordPress plugin authorization issue vulnerability (CNVD-2021-36537)

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up a personal blog site on servers running PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. An authorization issue vulnerability exists in versions o...

CVSS 8.8 | AI score 6.6 | EPSS 0.01311
Exploits: 2 | References: 1
CNVD
added 2021/05/20 12:0 a.m. | 11 views

WordPress plugin authorization issue vulnerability (CNVD-2021-36535)

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up a personal blog site on servers running PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. WordPress plugin 2.9 prior to the version Login Protectio...

CVSS 8.8 | AI score 6.7 | EPSS 0.01325
Exploits: 2 | References: 1
CNVD
added 2021/05/20 12:0 a.m. | 7 views

WordPress plugin authorization issue vulnerability (CNVD-2021-36538)

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up a personal blog site on servers running PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. An authorization issue vulnerability exists in versions o...

CVSS 8.8 | AI score 6.6 | EPSS 0.01325
Exploits: 2 | References: 1
CNVD
added 2021/05/19 12:0 a.m. | 9 views

WordPress Authorization Issues Vulnerability (CNVD-2021-44301)

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up a personal blog site on servers running PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. WP Maintenance Mode & Site Under Construction An...

CVSS 8.8 | AI score 6.6 | EPSS 0.01325
Exploits: 2 | References: 1
OpenVAS
added 2021/05/19 12:0 a.m. | 15 views

Ubuntu: Security Advisory (USN-4959-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 | AI score 5.9 | EPSS 0.05372
Exploits: 0 | References: 2
Ubuntu
added 2021/05/18 3:22 p.m. | 101 views

USN-4959-1: GStreamer Base Plugins vulnerability

It was discovered that GStreamer Base Plugins incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information...

CVSS 5.5 | AI score 7 | EPSS 0.05372
Exploits: 0
OSV
added 2021/05/18 3:22 p.m. | 1 views

USN-4959-1 gst-plugins-base1.0 vulnerability

It was discovered that GStreamer Base Plugins incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information...

CVSS 5.5 | AI score 6.8 | EPSS 0.05372
Exploits: 0 | References: 2
Debian CVE
added 2021/05/18 12:47 p.m. | 22 views

CVE-2021-22117

RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins...

CVSS 7.8 | AI score 7.5 | EPSS 0.00611
Exploits: 0
Kitploit
added 2021/05/18 12:30 p.m. | 129 views

Mediator - An Extensible, End-To-End Encrypted Reverse Shell With A Novel Approach To Its Architecture

Mediator is an end-to-end encrypted reverse shell in which the operator and the shell connect to a "mediator" server that bridges the connections. This removes the need for the operator/handler to set up port forwarding in order to listen for the connection. Mediator also allows you to create...

AI score 7.5
Exploits: 0 | References: 4
Rockylinux
added 2021/05/18 6:28 a.m. | 10 views

new module: container-tools:3.0

An update is available for fuse-overlayfs, container-selinux, udica, toolbox, podman, conmon, skopeo, crun, libslirp, oci-seccomp-bpf-hook, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base...

AI score 0.7
Exploits: 0
Rockylinux
added 2021/05/18 6:23 a.m. | 9 views

container-tools:2.0 bug fix and enhancement update

An update is available for fuse-overlayfs, container-selinux, udica, toolbox, podman, conmon, skopeo, python-podman-api, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

AI score 1.6
Exploits: 0
OSV
added 2021/05/18 6:19 a.m. | 26 views

ALSA-2021:1887 Moderate: dovecot security and bug fix update

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: doveco...

CVSS 7.5 | AI score 7.6 | EPSS 0.0466
Exploits: 1 | References: 2
Rockylinux
added 2021/05/18 5:46 a.m. | 10 views

dnf bug fix and enhancement update

An update is available for libcomps, dnf-plugins-core, dnf, libdnf. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this...

AI score 2.1
Exploits: 0
CNNVD
added 2021/05/18 12:0 a.m. | 3 views

Pivotal Software RabbitMQ code injection vulnerability

Pivotal Software RabbitMQ is a suite of open source message broker software from Pivotal Software, USA, that implements the Advanced Message Queuing Protocol (AMQP). A code injection vulnerability exists in RabbitMQ that stems from the RabbitMQ installer on Windows not hardening the plugin director...

CVSS 7.8 | AI score 7.6 | EPSS 0.00611
Exploits: 0 | References: 2