2242 matches found
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress (Lite) versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and conduct an arbitrary operation via a specially crafted web page...
CVE-2021-20846
The CVE-2021-20846 entry concerns the WordPress plugin Push Notifications for WordPress (Lite) before version 6.0.1. The connected sources confirm a Cross-site Request Forgery (CSRF) vulnerability that can allow an authenticated administrator to be hijacked to perform arbitrary actions via a craf...
Clarify Content-Type handling
Impact: In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the...
GHSA-MC8V-MGRF-8F4M Clarify Content-Type handling
Impact: In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the...
Incorrect Content-Type Handling
github.com/opencontainers/distribution-spec handles Content-Type incorrectly. The type of the manifest during push and pull operations was wrongly determined because only the Content-Type header was used, causing a client to interpret the resulting content differently...
AZL-44925 CVE-2021-41190 affecting package umoci 0.4.7-13
The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents...
CVE-2021-41190
The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents...
CVE-2021-41190 Clarify Content-Type handling in OCI spec
The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents...
WordPress Plugin "Push Notifications for WordPress (Lite)" vulnerable to cross-site request forgery
Overview: WordPress Plugin "Push Notifications for WordPress (Lite)" provided by Delite Studio contains a cross-site request forgery vulnerability (CWE-352). Ten Katouno of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported and coordinated...
WordPress Push Notifications for WordPress (Lite) plugin <= 6.0 - Cross-Site Request Forgery (CSRF) leading to Settings Update
Cross-Site Request Forgery (CSRF) leading to Settings Update discovered by Ten Katouno in WordPress Push Notifications for WordPress (Lite) plugin (versions <= 6.0). Solution: Update the WordPress Push Notifications for WordPress (Lite) plugin to the latest available version (at least 6.0.1)...
JVN#85492429: WordPress Plugin "Push Notifications for WordPress (Lite)" vulnerable to cross-site request forgery
WordPress Plugin "Push Notifications for WordPress (Lite)" provided by Delite Studio contains a cross-site request forgery vulnerability (CWE-352). Impact: If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed. Solution: Update the...
Mozilla Firefox Security Advisory (MFSA2013-58) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...
JetBrains TeamCity has an unspecified vulnerability
TeamCity, a Java-based build management and continuous integration server from JetBrains, has a security vulnerability in the "agent push" feature in versions prior to JetBrains TeamCity 2021.1.2. No details of the vulnerability are currently available...
JetBrains TeamCity Remote Code Execution Vulnerability
TeamCity is a Java-based build management and continuous integration server from JetBrains. A remote code execution vulnerability exists in JetBrains TeamCity versions prior to 2021.1.2. The vulnerability can be exploited to achieve remote code execution via the "proxy push" feature...
CVE-2021-43200
In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient...
CVE-2021-43193
In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible...
Remote code execution
In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible...