119 matches found
SUSE CVE-2014-9749
Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."...
SUSE CVE-2015-5311
PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets...
PT-2023-15172 · Unknown · Jeecg-Boot
Name of the Vulnerable Software and Affected Versions: Jeecg-boot version 3.4.4 Description: A SQL injection issue was found in the component /sys/dict/queryTableData. This allows for potential exploitation. A patch was released to address this issue. Recommendations: For Jeecg-boot version 3.4.4...
Cloudflare GoFlow vulnerable to a Denial of Service in the sflow packet handling package
Impact: The sflow decode package prior to version 3.4.4 does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume huge amounts of memory resulting in a denial of service. Specific Go Packages...
PT-2022-17186 · Unknown · Sflow Decode Package
Name of the Vulnerable Software and Affected Versions: sflow decode package versions prior to 3.4.4 Description: The issue is related to insufficient packet sanitization in the sflow decode package, which can lead to a denial of service attack. Attackers can craft malformed packets, causing the...
GoFlow Resource Management Error Vulnerability
GoFlow is an open source NetFlow/IPFIX/sFlow collector in Go by Cloudflare. A resource management error vulnerability exists in GoFlow versions prior to 3.4.4, which stems from insufficient packet cleanup and processes consuming large amounts of memory, leading to denial of service attacks...
WordPress Plugin WP-Filebase Download Manager Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Plugin WP-Filebase Download Manager version 3.4.4 contains a cross-site scripting...
Server side request forgery in gibbon
Gibbon v3.4.3 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL. This issue has been resolved in version 3.4.4...
Gibbon Code Issue Vulnerability
Gibbon is a school platform that solves real-world problems that educators encounter every day. A security vulnerability exists in Gibbon version v3.4.4 and prior versions. An attacker performs server-side request forgery (SSRF) via a crafted URL...
WordPress WP Content Copy Protection & No Right Click Plugin < 3.4.5 CSRF Vulnerability
OPENSUSE-SU-2022:23018-1 Security update for conmon, libcontainers-common, libseccomp, podman
This update for conmon, libcontainers-common, libseccomp, podman fixes the following issues: podman was updated to 3.4.4. Security issues fixed: - fix CVE-2021-41190 bsc1193273, opencontainers: OCI manifest and index parsing confusion - fix CVE-2021-4024 bsc1193166, podman machine spawns gvproxy...
CVE-2022-23983
Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin versions = 3.4.4...
Privilege escalation
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a non authenticated user to enumerate existing accounts by timing the response time from the server...
PYSEC-2022-24
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a non authenticated user to enumerate existing accounts by timing the response time from the server...
CVE-2022-21659 Observable Response Discrepancy in Flask-AppBuilder
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a non authenticated user to enumerate existing accounts by timing the response time from the server...
Security fix for the ALT Linux 9 package wireshark version 3.4.4-alt1
3.4.4-alt1 built April 12, 2021 Anton Farygin in task 269126 March 17, 2021 Anton Farygin - 3.4.4 Fixes: CVE-2021-22191...
Uncanny Owl Tin Canny LearnDash Reporting Cross-Site Scripting Vulnerability
Uncanny Owl Tin Canny LearnDash Reporting is a plugin from Uncanny Owl Canada that provides learning record storage functionality for WordPress. Uncanny Owl Tin Canny LearnDash Reporting before 3.4.4 has a security vulnerability that originates from the following script or parameter: searchkey GE...
Atlassian Crowd 2.1.x < 3.0.5 / 3.1.x < 3.1.6 / 3.2.x < 3.2.8 / 3.3.x < 3.3.5 / 3.4.x < 3.4.4 RCE (direct check)
The version of Atlassian Crowd installed on the remote host is affected by a remote code execution (RCE) vulnerability. An unauthenticated, remote attacker can exploit this, by using pdkinstall development plugin, to install arbitrary plugins, which permits remote code execution. TRUSTED...
DEBIAN-CVE-2020-1930
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration .cf files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios including the same...