Improper Access Control in Shopware

### Impact Permissions set to sales channel context by admin-api are still useable within normal user session ### Patches We recommend updating to the current version You can get the update ...

Continue Reading
Denial of Service in http-swagger

### Impact Allows an attacker to perform a DOS attack consisting of memory exhaustion on the host system. ### Patches Yes. Please upgrade to v1.2.6. ### Workarounds A workaround is to restrict the pat ...

Continue Reading
Incorrect Default Permissions in CRI-O

### Impact A bug was found in CRI-O where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with i ...

Continue Reading
Git LFS can execute a binary from the current directory on Windows

### Impact On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, ...

Continue Reading

ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general ...

Continue Reading

The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the `org.conroller.js` code would erroneously log user secrets. This h ...

Continue Reading

A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2 ...

Continue Reading

Shopware is an open commerce platform based on Symfony Framework and Vue. Permissions set to sales channel context by admin-api are still usable within normal user session. Users are advised to update ...

Continue Reading

Back to Main

Subscribe for the latest news:
Generated by Feedzy