In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system. Date published : 2021-09-09 https://github.com/google/security-research/security/advisories/GHSA-gg9x-v835-m48q https://github.com/openbmc/openbmc
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorrect routing or authorization policy decisions. With specially...
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number...
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don’t have permission to view private post types/data...
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets editor introduced in WordPress 5.8 beta 1 has improper...
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. ### Impact The issue allows an authenticated but low-privileged user (like contributor/author) to execute...
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wp_die() can be leaked under certain...
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead...
FUEL CMS 1.5.0 allows SQL Injection via parameter ‘col’ in /fuel/index.php/fuel/logs/items Date published : 2021-09-09 https://github.com/daylightstudio/FUEL-CMS/issues/582 https://streamable.com/lxw3ln
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php Date published : 2021-09-09 https://github.com/daylightstudio/FUEL-CMS/commit/15934fdd309408640d1f2be18f93a8beadaa5e9b https://github.com/daylightstudio/FUEL-CMS/issues/581
FUEL CMS 1.5.0 allows SQL Injection via parameter ‘col’ in /fuel/index.php/fuel/pages/items Date published : 2021-09-09 https://github.com/daylightstudio/FUEL-CMS/issues/583
FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability Date published : 2021-09-09 https://github.com/daylightstudio/FUEL-CMS/commit/6164cd794674d4d74da39f8b535ff588ab006e33 https://github.com/daylightstudio/FUEL-CMS/issues/584
The variable import endpoint was not protected by authentication in Airflow >=2.0.0, =2.0.0,
A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. Date published : 2021-09-09...