Wire-server prior 2021-08-16 Authorization Header improper authorization

A vulnerability was found in Wire-server. It has been rated as critical. Affected by this issue is an unknown part of the component Authorization Header Handler. Upgrading to version 2021-08-16 eliminates this vulnerability. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-4315 : PARISNEO LOLLMS UP TO 9.7 SANITIZE_PATH_FROM_ENDPOINT FILENAME CONTROL

CVE-2024-4315 : PARISNEO LOLLMS UP TO 9.7 SANITIZE_PATH_FROM_ENDPOINT FILENAME CONTROL

Description parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function

CVE-2024-36454 : FSAS TECHNOLOGIES IPCOM EX2/IPCOM VE2 UP TO V01L07NF0201 PACKET UNINITIALIZED RESOURCE

CVE-2024-36454 : FSAS TECHNOLOGIES IPCOM EX2/IPCOM VE2 UP TO V01L07NF0201 PACKET UNINITIALIZED RESOURCE

Description Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earlier, and IPCOM VE2 Series

CVE-2024-34762 : WPENGINE ADVANCED CUSTOM FIELDS PRO PLUGIN UP TO 6.2.9 ON WORDPRESS PATH TRAVERSAL

CVE-2024-34762 : WPENGINE ADVANCED CUSTOM FIELDS PRO PLUGIN UP TO 6.2.9 ON WORDPRESS PATH TRAVERSAL

Description Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)