8 matches found
WordPress Download Manager plugin <= 3.3.49 - Missing Authorization to Authenticated (Subscriber+) User Email Enumeration via 'user' Parameter vulnerability
Missing Authorization to Authenticated Subscriber+ User Email Enumeration via 'user' Parameter vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Download Manager versions = 3.3.49...
[BSA-121] Security Update for python-django
Colin Watson uploaded new packages for python-django which fixed the following security problems: CVE-2024-45230 Potential denial-of-service vulnerability in django.utils.html.urlize. urlize and urlizetrunc were subject to a potential denial-of-service attack via very large inputs with a specific...
openSUSE Security Advisory (SUSE-SU-2024:3161-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 / openSUSE 15 Security Update : python-Django (SUSE-SU-2024:3161-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3161-1 advisory. - CVE-2024-45230: Fixed potential denial-of-service vulnerability in django.utils.html.urlize. bsc1229823 - CVE-2024-45231: Fixed...
Django 4.x < 4.2.16, 5.0.x < 5.0.9, 5.1.x < 5.1.1 Multiple Vulnerabilities - Linux
Django is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django"; if descriptio...
SUSE-SU-2024:3139-1 Security update for python-Django
This update for python-Django fixes the following issues: - CVE-2024-45230: Fixed potential denial-of-service vulnerability in django.utils.html.urlize. bsc1229823 - CVE-2024-45231: Fixed potential user email enumeration via response status on password reset. bsc1229824...
GHSA-JFCH-M2X3-2V66 Liferay Portal and Liferay DXP insecure default configuration
Insecure default configuration in portal services implementation before 5.11.0 in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should ...
MODX CMS 2.x < 2.5.7 Multiple Vulnerabilities
MODX CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:modx:revolution"; if description...