Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2022-46337

A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was visible to and executable by the account which booted the Derby server. In LDAP-protected databases which weren't also protected by SQL GRANT/REVOKE authorization, this vulnerability could also let an attacker view and corrupt sensitive data and run sensitive database functions and procedures. Mitigation: Users should upgrade to Java 21 and Derby 10.17.1.0. Alternatively, users who wish to remain on older Java versions should build their own Derby distribution from one of the release families to which the fix was backported: 10.16, 10.15, and 10.14. Those are the releases which correspond, respectively, with Java LTS versions 17, 11, and 8.

CVE
Open in Source
#sql#vulnerability#java#ldap#auth
CVE-2023-3379: VDE-2023-015 | CERT@VDE

Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges.

CVE-2023-5341: cve-details

A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.

CVE-2023-41129: WordPress Patreon WordPress plugin <= 1.8.6 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress.This issue affects Patreon WordPress: from n/a through 1.8.6.

CVE-2023-32514: WordPress Google Site Verification plugin using Meta Tag plugin <= 1.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar Google Site Verification plugin using Meta Tag.This issue affects Google Site Verification plugin using Meta Tag: from n/a through 1.2.

CVE-2023-32504: WordPress Wise Chat plugin <= 3.1.3 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Kainex Wise Chat.This issue affects Wise Chat: from n/a through 3.1.3.

CVE-2023-32245: WordPress Essential Addons for Elementor Pro plugin <= 5.4.8 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essential Addons for Elementor Pro.This issue affects Essential Addons for Elementor Pro: from n/a through 5.4.8.

CVE-2023-31089: WordPress Video XML Sitemap Generator plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Tradebooster Video XML Sitemap Generator.This issue affects Video XML Sitemap Generator: from n/a through 1.0.0.

CVE-2023-31075: WordPress Easy Hide Login plugin <= 1.0.8 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Arshid Easy Hide Login.This issue affects Easy Hide Login: from n/a through 1.0.8.

CVE-2023-28780: WordPress Yoast SEO: Local plugin <= 14.8 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium.This issue affects Yoast Local Premium: from n/a through 14.8.