18 matches found
CVE-2023-23937
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid...
CVE-2023-23937
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid...
Design/Logic Flaw
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid...
CVE-2023-23937
CVE-2023-23937 affects Pimcore/pimcore. The issue is in the upload functionality for updating a user profile, where content-type validation is insufficient, allowing an authenticated user to bypass checks by supplying a valid signature (e.g., GIF89) and sending mismatched content-type. This can e...
CVE-2023-23937 Missing file upload type validation in pimcore/pimcore
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid...
Security Bulletin: CVE-2022-27452
Summary MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/itemcmpfunc.cc, which is backported and fixed in 10.5.16 Vulnerability Details CVEID:CVE-2022-27452 DESCRIPTION: MariaDB Server is vulnerable to a denial of service, caused by a flaw in the...
MariaDB DoS Vulnerability (MDEV-26412) - Windows
MariaDB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...
MariaDB DoS Vulnerability (MDEV-26047 - 2) - Windows
MariaDB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...
MariaDB DoS Vulnerability (MDEV-28080) - Linux
MariaDB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...
MariaDB Multiple Use-After-Free Vulnerabilities (MDEV-28099) - Linux
MariaDB is prone to multiple use-after-free vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...
SUSE-SU-2022:2003-1 Security update for mariadb
This update for mariadb fixes the following issues: Update to 10.5.16 bsc1199928: - CVE-2021-46669 bsc1199928 - CVE-2022-27376 bsc1198628 - CVE-2022-27377 bsc1198603 - CVE-2022-27378 bsc1198604 - CVE-2022-27379 bsc1198605 - CVE-2022-27380 bsc1198606 - CVE-2022-27381 bsc1198607 - CVE-2022-27382...
MariaDB DoS Vulnerability (MDEV-26423) - Linux
MariaDB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...
MariaDB Use-After-Free Vulnerability (MDEV-26323) - Windows
MariaDB is prone to a use-after-free vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...
MariaDB DoS Vulnerability (MDEV-26406) - Linux
MariaDB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...
MariaDB Use-After-Free Vulnerability (MDEV-26354) - Windows
MariaDB is prone to a use-after-free vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...
MariaDB DoS Vulnerability (MDEV-26061) - Windows
MariaDB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...
MariaDB DoS Vulnerability (MDEV-26280) - Windows
MariaDB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...
MariaDB Use-After-Free Vulnerability (MDEV-26281) - Windows
MariaDB is prone to a use-after-free vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...