670 matches found

Prion · added 2021/08/30 8:15 p.m.

Design/Logic Flaw

In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked...

CVSS 5 · AI score 5.4 · EPSS 0.01272 · Exploits: 1 · References: 4 · Affected Software: 2

Positive Technologies · added 2021/08/30 12:00 a.m.

PT-2021-6512 · Eclipse +2 · Eclipse Mosquitto +2

Name of the Vulnerable Software and Affected Versions: Eclipse Mosquitto versions 2.0 through 2.0.11. Description: The issue is related to the dynamic security plugin in Eclipse Mosquitto. When the ability for a client to make subscriptions on a topic is revoked while a durable client is offline,...

CVSS 7.5 · AI score 6.2 · EPSS 0.01272 · Exploits: 2 · References: 41

CVE · added 2021/08/30 12:00 a.m.

CVE-2021-34434

In Eclipse Mosquitto, CVE-2021-34434 affects versions 2.0 to 2.0.11 when using the dynamic security plugin: if a client’s ability to subscribe is revoked while a durable client is offline, existing subscriptions for that client are not revoked. Multiple connected advisories confirm the issue and ...

CVSS 5.3 · AI score 5.3 · EPSS 0.01272 · Exploits: 1 · References: 4 · Affected Software: 1

Debian CVE · added 2021/08/30 12:00 a.m.

CVE-2021-34434

In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked...

CVSS 5.3 · AI score 5.2 · EPSS 0.01272 · Exploits: 1

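The four Mosquitto entries above describe the same failure mode: subscribe authorisation is enforced only when the SUBSCRIBE packet arrives, so a durable (persistent-session) client that is offline when its right is revoked keeps its stored subscription and receives messages after it reconnects. The model below is an added illustration, not Mosquitto's own code or the dynamic security plugin's API: the broker, ACL and topic names are constructed for the example, topics match exactly (no wildcards), and the "hardened" mode simply re-authorises persisted subscriptions against the current ACL when a session resumes and when a right is revoked, which is the behavioural check a practitioner would want, not a claim about how the upstream fix is implemented.

```python
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Acl:
    """Per-client subscribe rights: client id -> topics it may subscribe to.
    Exact-match topics only; MQTT wildcards are out of scope for this model."""
    allow_subscribe: dict[str, set[str]] = field(default_factory=dict)

    def may_subscribe(self, client: str, topic: str) -> bool:
        return topic in self.allow_subscribe.get(client, set())


@dataclass
class Broker:
    """Toy broker with durable sessions: subscriptions survive a disconnect."""
    acl: Acl
    recheck_on_resume: bool  # False: authorise only at SUBSCRIBE time (the flaw)
    sessions: dict[str, set[str]] = field(default_factory=dict)   # client -> stored topics
    online: set[str] = field(default_factory=set)
    delivered: list[tuple[str, str, str]] = field(default_factory=list)

    def connect(self, client: str) -> None:
        self.online.add(client)
        stored = self.sessions.setdefault(client, set())
        if self.recheck_on_resume:
            # Hardened: re-authorise every persisted subscription against the
            # current ACL when the durable session resumes.
            self.sessions[client] = {t for t in stored if self.acl.may_subscribe(client, t)}

    def disconnect(self, client: str) -> None:
        self.online.discard(client)  # durable session keeps its subscriptions

    def subscribe(self, client: str, topic: str) -> bool:
        # Authorisation happens here in both modes; the flaw is that the
        # vulnerable mode never looks at the ACL again for stored subscriptions.
        if not self.acl.may_subscribe(client, topic):
            return False
        self.sessions.setdefault(client, set()).add(topic)
        return True

    def revoke_subscribe(self, client: str, topic: str) -> None:
        self.acl.allow_subscribe.get(client, set()).discard(topic)
        if self.recheck_on_resume:
            # Hardened: drop the stored subscription immediately, whether or
            # not the client is currently online.
            self.sessions.get(client, set()).discard(topic)

    def publish(self, topic: str, payload: str) -> None:
        for client, topics in self.sessions.items():
            if client in self.online and topic in topics:
                self.delivered.append((client, topic, payload))


def revoke_while_offline(recheck_on_resume: bool) -> list[tuple[str, str, str]]:
    """Replay the advisory's sequence and return what the durable client received."""
    acl = Acl({"sensor-reader": {"plant/line1/temp"}})  # constructed sample ACL
    broker = Broker(acl, recheck_on_resume)
    broker.connect("sensor-reader")
    assert broker.subscribe("sensor-reader", "plant/line1/temp")
    broker.disconnect("sensor-reader")                             # durable client goes offline
    broker.revoke_subscribe("sensor-reader", "plant/line1/temp")   # right revoked while offline
    broker.connect("sensor-reader")                                # session resumes
    broker.publish("plant/line1/temp", "21.5")
    return broker.delivered


if __name__ == "__main__":
    print("flawed  :", revoke_while_offline(False))  # message still delivered
    print("hardened:", revoke_while_offline(True))   # nothing delivered
```

Against a real broker in the affected range the practical check is the same sequence with a test client using a persistent session: subscribe, disconnect, revoke the subscribe right, reconnect, publish, and confirm whether the message arrives. The advisories list versions 2.0 to 2.0.11 as affected, so upgrading past that range is the remediation they point to.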
ATTACKERKB · added 2021/08/16 8:15 p.m.

CVE-2021-37708

Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a command injection vulnerability in mail agent settings. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin...

CVSS 9.8 · AI score 5.5 · EPSS 0.02359 · Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies · added 2021/08/16 12:00 a.m.

PT-2021-21826 · Shopware · Shopware

Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.4.3.1. Description: The issue is related to a command injection vulnerability in mail agent settings. This vulnerability affects Shopware, an open source eCommerce platform. There is no information provided about t...

CVSS 9.8 · AI score 9.4 · EPSS 0.02359 · Exploits: 0 · References: 10

Github Security Blog · added 2021/06/28 6:20 p.m.

Private files publicly accessible with Cloud Storage providers

Impact: Private files publicly accessible with Cloud Storage providers when the hashed URL is known. Patches: We recommend first changing your configuration to set the correct visibility according to the documentation. The visibility must be at the same level as type. When the Storage is saved on...

AI score 1 · Exploits: 0 · References: 2 · Affected Software: 2

NVD · added 2021/06/24 9:15 p.m.

CVE-2021-32717

Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1, private files are publicly accessible with Cloud Storage providers when the hashed URL is known. Users are recommended to first change their configuration to set the correct visibility according to the documentation. The...

CVSS 7.5 · EPSS 0.01461 · Exploits: 0 · References: 3

OSV · added 2021/06/24 9:15 p.m.

CVE-2021-32717

Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1, private files are publicly accessible with Cloud Storage providers when the hashed URL is known. Users are recommended to first change their configuration to set the correct visibility according to the documentation. The...

CVSS 7.5 · AI score 6.8 · Exploits: 0 · References: 3

Prion · added 2021/06/24 9:15 p.m.

Design/Logic Flaw

Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1, private files are publicly accessible with Cloud Storage providers when the hashed URL is known. Users are recommended to first change their configuration to set the correct visibility according to the documentation. The...

CVSS 5 · AI score 7.6 · EPSS 0.01461 · Exploits: 0 · References: 3 · Affected Software: 1

Cvelist · added 2021/06/24 9:10 p.m.

CVE-2021-32717 Private files publicly accessible with Cloud Storage providers

Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1, private files are publicly accessible with Cloud Storage providers when the hashed URL is known. Users are recommended to first change their configuration to set the correct visibility according to the documentation. The...

CVSS 7.5 · AI score 7.8 · EPSS 0.01461 · Exploits: 0 · References: 3

Positive Technologies · added 2021/06/24 12:00 a.m.

PT-2021-19880 · Shopware · Shopware

Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.4.1.1. Description: The admin API has exposed some internal hidden fields when an association has been loaded with a to-many reference. Users are recommended to update to version 6.4.1.1. The update to 6.4.1.1 can ...

CVSS 4.9 · AI score 5 · EPSS 0.01113 · Exploits: 0 · References: 10

OSV · added 2021/06/16 8:22 p.m.

MGASA-2021-0263 Updated gsoap packages fix security vulnerabilities

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability (CVE-2020-13574). A denial-of-service vulnerability exists in...

CVSS 9.8 · AI score 7.9 · EPSS 0.0586 · Exploits: 5 · References: 8

NVD · added 2021/06/01 2:15 p.m.

CVE-2021-24328

The WP Login Security and History WordPress plugin through 1.0 did not have a CSRF check when saving its settings, nor any sanitisation or validation of them. This could allow attackers to make logged-in administrators change the plugin's settings to arbitrary values, and set XSS payloads on them a...

CVSS 6.2 · EPSS 0.00614 · Exploits: 2 · References: 4

Github Security Blog · added 2021/05/21 2:29 p.m.

Information leakage in Error Handler

Impact: Information leakage in Error Handler. Patches: We recommend updating to the current version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview. For older versions you can use the Security Plugin:...

AI score 3.3 · Exploits: 0 · References: 2 · Affected Software: 1

Github Security Blog · added 2021/05/21 2:29 p.m.

Authenticated Stored XSS in Administration

Impact: Authenticated Stored XSS in Administration. Patches: We recommend updating to the current version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview. For older versions you can use the Security Plugin:...

AI score 3.6 · Exploits: 0 · References: 3 · Affected Software: 1

OSV · added 2021/05/21 2:29 p.m.

GHSA-F6P7-8XFW-FJQQ Authenticated Stored XSS in Administration

Impact: Authenticated Stored XSS in Administration. Patches: We recommend updating to the current version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview. For older versions you can use the Security Plugin:...

AI score 5.9 · Exploits: 0 · References: 2

CNVD · added 2021/05/20 12:00 a.m.

WordPress plugin cross-site scripting vulnerability (CNVD-2021-36529)

WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform runs on PHP and MySQL servers to set up a personal blog site. WordPress Plugin is an open source WordPress application plugin. A cross-site scripting vulnerability exists in the...

CVSS 6.1 · AI score 5.8 · EPSS 0.1445 · Exploits: 2 · References: 1

CNVD · added 2021/04/23 12:00 a.m.

Jenkins Templating Engine Plugin Remote Code Execution Vulnerability

Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins Templating Engine Plugin versions 2.1 and earlier contain a security vulnerability; the vulnerability...

CVSS 8.8 · AI score 7 · EPSS 0.01749 · Exploits: 0 · References: 1

NVD · added 2021/04/21 3:15 p.m.

CVE-2021-21646

Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM...

CVSS 8.8 · EPSS 0.01749 · Exploits: 0 · References: 2
