Security Bulletin: Apache Kafka as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2019-12399)
Summary: Apache Kafka as used by IBM QRadar SIEM is vulnerable to information disclosure. IBM has addressed the relevant vulnerability. Vulnerability Details: CVEID: CVE-2019-12399 DESCRIPTION: Apache Kafka could allow a remote attacker to obtain sensitive information, caused by a flaw in the Conne...
Atlassian Crowd 3.x / 4.x < 4.4.4 / 5.x < 5.0.3 Security Bypass (CWD-5888)
The version of Atlassian Crowd installed on the remote host is 3.x, 4.x prior to 4.4.4, or 5.x prior to 5.0.3. It is, therefore, affected by a security bypass vulnerability due to security misconfiguration. An unauthenticated, remote attacker can exploit this by authenticating as the crowd...
GLPI 9.1 < 9.5.6 Rest API IP Restriction Bypass
GLPI in version 9.1 < 9.5.6 with API Rest enabled is vulnerable to API bypass with custom header injection. No source data...
MTN Group: Wordpress users Disclosure [ /wp-json/wp/v2/users/ ] Not Resolved ()
On this report (735586) you closed the report and changed the status to Resolved. But it's not resolved; the bug is still there. URL: https://www.mtn.com/wp-json/wp/v2/users/ Sorry to say this, but I can still reproduce this issue. Please remove the /wp-json/wp/v2/users/ file if your domain doesn't use that...
Atlassian Addresses Issues in Crowd and Bitbucket Products
Summary: Atlassian has two security holes that can be abused to allow arbitrary code execution. CVE-2022-43782 allows an intruder connecting from an IP address on the allow list to authenticate as the crow...
Vulnerabilities fixed in XWiki
Vulnerabilities have been fixed in XWiki. By importing a prepared XAR file, a malicious person can exploit the vulnerability to view or edit any page that should not be available to them. Also, potentially sensitive information can b...
CVE-2022-45073
Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress...
CVE-2022-45132
In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress...
Remote code execution
In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...
CVE-2022-45073 WordPress REST API Authentication plugin <= 2.4.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress...
CVE-2022-45073
CVE-2022-45073 describes a CSRF vulnerability in the WordPress REST API Authentication plugin (versions ≤ 2.4.0). The issue arises from the plugin not performing CSRF checks when updating settings, potentially allowing an authenticated attacker to trigger unintended settings changes through forge...
CVE-2022-45132
CVE-2022-45132 affects LAVA (Linaro Automated Validation Architecture) prior to 2022.11.1. The REST API endpoint that validates device configuration files loads user input as a Jinja2 template, enabling remote code execution on the LAVA server via a crafted template. Affected component: lava-serv...
WordPress plugin REST API Authentication Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...