4960 matches found
CGC Maintenance Mode <= 1.2 - Sensitive Information Exposure
Description The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2 via the REST API. This makes it possible for unauthenticated attackers to view protected posts via REST API even when maintenance mode is enabled...
VolWeb - A Centralized And Enhanced Memory Analysis Platform
VolWeb is a digital forensic memory analysis platform that leverages the power of the Volatility 3 framework. It is dedicated to aiding in investigations and incident responses. Objective The goal of VolWeb is to enhance the efficiency of memory collection and forensic analysis by providing a...
CVE-2024-23449
A flaw was found in the Elasticsearch package. An uncaught exception occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with...
CVE-2024-3078
A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 i...
CVE-2024-3078
CVE-2024-3078 affects Qdrant prior to 1.8.3 (versions up to 1.6.1, 1.7.4, 1.8.2) and stems from path traversal in the Full Snapshot REST API handler (lib/collection/src/collection/snapshots.rs). The vulnerability allows traversal of filesystem paths due to the processing logic described in multip...
CVE-2024-3078 Qdrant Full Snapshot REST API snapshots.rs path traversal
A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 i...
CVE-2024-3078 Qdrant Full Snapshot REST API snapshots.rs path traversal
A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 i...
Elasticsearch Uncaught Exception leading to crash
An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...
CVE-2024-23449
An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...
CVE-2024-23449
An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...
CVE-2024-23449
An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...
UBUNTU-CVE-2024-23449
An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...
CVE-2024-23449
CVE-2024-23449 affects Elasticsearch: versions 8.4.0 up to (but not including) 8.11.1 are vulnerable to an uncaught exception when an encrypted PDF is passed to the REST API’s attachment processor, causing the ingest node to crash. The issue does not occur with password-protected or unencrypted P...
CVE-2024-23449 Elasticsearch Uncaught Exception
An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...
Elasticsearch 8.11.1 Security Update (ESA-2024-05)
Elasticsearch Uncaught Exception ESA-2024-05 An uncaught exception in Elasticsearch = 8.4.0 and = 8.4.0 and 8.11.1 Solutions and Mitigations: The issue is resolved in version 8.11.1. This requires the attachment processor to be enabled. Users unable to upgrade can ensure that the attachment...
CVE-2024-0913
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.12.9 due to insufficient escapi...
CVE-2024-0913
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.13.0 due to insufficient escapi...
CVE-2024-0913
CVE-2024-0913 affects WP ERP for WordPress (WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting) up to version 1.12.9. The issue is a time-based SQL Injection in the erp/v1/accounting/v1/transactions/sales REST endpoint caused by insufficient escaping of u...
CVE-2024-0913 WP ERP <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.13.0 due to insufficient escapi...
Successful user login events are not added to the audit log when using a personal access token
h3. Issue Summary When users authenticate on Jira, this information should be added as new events on the audit log when full coverage is enabled for the Security category. Requests made with personal access tokens PAT for REST API won't create a new entry on the audit log. h3. Steps to Reproduce...