8276 matches found
All Thrive Themes and Plugins - Unauthenticated Option Update
The plugins and themes register a REST API endpoint associated with Zapier functionality. Although this endpoint was intended to require an API key, in vulnerable versions it could be accessed by supplying an empty apikey parameter if Zapier was not enabled. Attackers coul...
VulnCheck KEV: CVE-2021-24219
The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...
[SECURITY] Fedora 34 Update: mutter-40.0~rc-1.fc34
Mutter is a window and compositing manager that displays and manages your desktop via OpenGL. Mutter combines a sophisticated display engine using the Clutter toolkit with solid window-management logic inherited from the Metacity window manager. While Mutter can be used stand-alone, it is primari...
[SECURITY] Fedora 34 Update: kwayland-integration-5.21.3-1.fc34
Provides integration plugins for various KDE Frameworks for Wayland...
CVE-2019-14850
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause...
DEBIAN-CVE-2019-14850
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause...
Design/Logic Flaw
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause...
UBUNTU-CVE-2019-14850
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause...
PT-2021-14668 · Amazon +2 · Aws Parameter Store Build Wrapper +4
Name of the Vulnerable Software and Affected Versions: Jenkins CloudBees AWS Credentials Plugin versions 1.28 and earlier Description: The issue allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins under certain circumstances. This can...
WordPress Plugins Sensitive Files Detected
WordPress Plugins sensitive files have been detected on the target WordPress installation. This may present an attacker with sensitive information to mount further attacks, such as keys, credentials, internal host names, database tables & SQL queries, security logs, full path disclosures,...
CVE-2021-21327 Unsafe Reflection in getItemForItemtype()
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. In GLPI before version 9.5.4, a non-authenticated user can remotely instantiate an object of any class existing in the GLPI environment that can be used to...
SuperStoreFinder & SuperInteractiveMaps - Unauthenticated SQL Injections
The ssf-social-action.php and sim-wp-data.php files from the respective superstorefinder-wp = 5.0.12 AND time-based blind query SLEEP Payload: action=selectwpid=1 AND SELECT 7900 FROM SELECTSLEEP5gxXh Type: UNION query Title: Generic UNION query NULL - 7 columns Payload: action=selectwpid=1 UNION...
GLPI 9.5.3 Unsafe Reflection
Exploit Title: GLPI 9.5.3 - 'fromtype' Unsafe Reflection Date: 2021-02-13 Exploit Author: Vadym Soroka @Iterasec https://iterasec.com Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: =9.5.3 Tested on:v9.5.3, 2021-02-13 Technical...
[SECURITY] Fedora 33 Update: nagios-4.4.6-3.fc33
Nagios is a program that will monitor hosts and services on your network. It has the ability to send email or page alerts when a problem arises and when a problem is resolved. Nagios is written in C and is designed to run under Linux and some other *NIX variants as a background process,...
[SECURITY] Fedora 32 Update: nagios-4.4.6-3.fc32
Nagios is a program that will monitor hosts and services on your network. It has the ability to send email or page alerts when a problem arises and when a problem is resolved. Nagios is written in C and is designed to run under Linux and some other *NIX variants as a background process,...
OESA-2021-1047 gstreamer1-plugins-bad-free security update
GStreamer is a pipeline-based multimedia framework that links together a wide variety of media processing systems to complete complex workflows, based on graphs of filters which operate on media data. This package contains plug-ins that are not tested well enough yet, or the code is not of good...
OESA-2021-1048 gstreamer-plugins-good security update
GStreamer is a pipeline-based multimedia framework that links together a wide variety of media processing systems to complete complex workflows, based on graphs of filters which operate on media data. GStreamer supports a wide variety of media-handling components, such as real-time sound processi...
RHEL 7 : OpenShift Container Platform 3.11.394 (RHSA-2021:0637)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0637 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
container-tools:2.0 security update
An update is available for fuse-overlayfs, container-selinux, udica, toolbox, podman, conmon, skopeo, python-podman-api, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
Multiple Plugins - CSRF Nonce Bypasses
Multiple plugins did not properly check for CSRF nonces, allowing attackers to make logged-in users do unwanted actions with crafted requests not containing the related nonce parameter. Other plugins reported in the original advisory which are not here have been added individually in the last wee...