Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

CVE-2021-39008: Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities

IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a privileged user to obtain sensitive information due to missing best practices. IBM X-Force ID: 213551.

CVE
Open in Source
#vulnerability#windows#dos#nodejs#js#auth#ibm#ssl
GHSA-75w2-qv55-x7fv: openssl npm package vulnerable to command execution

The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2023-47529: WordPress Cloud Templates & Patterns collection plugin <= 1.2.2 - Sensitive Data Exposure via Log File vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeIsle Cloud Templates & Patterns collection.This issue affects Cloud Templates & Patterns collection: from n/a through 1.2.2.

CVE-2023-47244: WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.13.8 - Sensitive Data Exposure vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Omnisend Email Marketing for WooCommerce by Omnisend.This issue affects Email Marketing for WooCommerce by Omnisend: from n/a through 1.13.8.

CVE-2023-49210: Package openssl: Function exec is called (#41) and a single argument ("command") is passed to the function, enabling the injection of commands. The package's exported openssl() function (see index.js

The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2023-49208: Check key length before parsing it in FIDO2 attestation registration · babelouest/glewlwyd@f9d8c06

scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration.

Telekopye Toolkit Used as Telegram Bot to Scam Marketplace Users

By Deeba Ahmed Telekopye Toolkit was previously identified in August 2023 as being leveraged for a phishing scam by Russian cybercriminals. This is a post from HackRead.com Read the original post: Telekopye Toolkit Used as Telegram Bot to Scam Marketplace Users

CVE-2022-44010: Security Changelog | ClickHouse Docs

An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.

CVE-2022-44011: Fast Open-Source OLAP DBMS - ClickHouse

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.

CVE-2023-41786

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 772.