Trend Micro Apex One, Trend Micro OfficeScan (OSCE), Trend Micro Worry-Free Business Security (WFBS) Security Vulnerabilities

OpenFGA denial of service in github.com/openfga/openfga

OpenFGA denial of service in...

Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry

Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised...

Apache Answer Race Condition vulnerability in github.com/apache/incubator-answer

Apache Answer Race Condition vulnerability in...

Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server

Mattermost notified all users in the channel when using WebSockets to respond individually in...

Moby (Docker Engine) Insufficiently restricted permissions on data directory in github.com/docker/docker

Moby (Docker Engine) Insufficiently restricted permissions on data directory in...

Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport

Teleport Access List owners can escalate their privileges in...

Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation in k8s.io/ingress-nginx

Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation in...

Mattermost race condition in github.com/mattermost/mattermost-server

Mattermost race condition in...

Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in github.com/rancher/rancher

Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in...

Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security

Improper Restriction of Excessive Authentication Attempts in...

Etcd embed auto compaction retention negative value causing a compaction loop or a crash in go.etcd.io/etcd

Etcd embed auto compaction retention negative value causing a compaction loop or a crash in...

Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers in github.com/dexidp/dex

Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers in...

Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server

Mattermost Cross-site Scripting vulnerability in...

Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server

Mattermost allows attackers access to posts in channels they are not a member of in...

Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server

Mattermost allows demoted guests to change group names in...

Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server

Mattermost viewing archived public channels permissions vulnerability in...

Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security

Improper Neutralization of HTTP Headers in...

Server-Side Request Forgery in github.com/greenpau/caddy-security

Server-Side Request Forgery in...

Authentik vulnerable to PKCE downgrade attack in goauthentik.io

Authentik vulnerable to PKCE downgrade attack in...

Cross-site Scripting in github.com/greenpau/caddy-security

Cross-site Scripting in...

CubeFS leaks magic secret key when starting Blobstore access service in github.com/cubefs/cubefs

CubeFS leaks magic secret key when starting Blobstore access service in...

CubeFS timing attack can leak user passwords in github.com/cubefs/cubefs

CubeFS timing attack can leak user passwords in...

Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation in github.com/minio/minio

Minio unsafe default: Access keys inherit admin of root user, allowing privilege escalation in...

Classic builder cache poisoning in github.com/docker/docker

Classic builder cache poisoning in...

Grafana information disclosure in github.com/grafana/grafana

Grafana information disclosure in...

Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability in github.com/apache/servicecomb-service-center

Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability in...

Rancher 'Audit Log' leaks sensitive information in github.com/rancher/rancher

Rancher 'Audit Log' leaks sensitive information in...

Mattermost Jira Plugin does not properly check security levels in github.com/mattermost/mattermost-plugin-jira

Mattermost Jira Plugin does not properly check security levels in...

Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server

Mattermost denial of service through long emoji value in...

Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server

Mattermost fails to check the "invite_guest" permission in...

Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server

Mattermost fails to properly restrict the access of files attached to posts in...

SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport

SFTP is possible on the Proxy server for any user with SFTP access in...

Etcd pkg Insecure ciphers are allowed by default in go.etcd.io/etcd/client/pkg/v3

Etcd pkg Insecure ciphers are allowed by default in...

Moby Docker cp broken with debian containers in github.com/moby/moby

Moby Docker cp broken with debian containers in...

Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in github.com/apache/servicecomb-service-center

Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in...

Authenticated users can crash the CubeFS servers with maliciously crafted requests in github.com/cubefs/cubefs

Authenticated users can crash the CubeFS servers with maliciously crafted requests in...

Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in github.com/0xJacky/Nginx-UI

Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in...

Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server

Mattermost vulnerable to denial of service via large number of emoji reactions in...

Insufficient Session Expiration in github.com/greenpau/caddy-security

Insufficient Session Expiration in...

Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server

Mattermost fails to limit the number of role names in...

Insecure random string generator used for sensitive data in github.com/cubefs/cubefs

Insecure random string generator used for sensitive data in...

The DES/3DES cipher was used as part of the TLS protocol by installation tools in github.com/karmada-io/karmada

The DES/3DES cipher was used as part of the TLS protocol by installation tools in...

Evmos is missing precompile checks in github.com/evmos/evmos

Evmos is missing precompile checks in...

Rancher's External RoleTemplates can lead to privilege escalation in github.com/rancher/rancher

Rancher's External RoleTemplates can lead to privilege escalation in...

Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec in github.com/rancher/rancher

Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec in...

Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

Argo-cd authenticated users can enumerate clusters by name in...

SpiceDB exclusions can result in no permission returned when permission expected in github.com/authzed/spicedb

SpiceDB exclusions can result in no permission returned when permission expected in...

ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/traefik/traefik

ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability in...

AdGuardHome privilege escalation vulnerability in github.com/AdguardTeam/AdGuardHome

AdGuardHome privilege escalation vulnerability in...

Openshift/telemeter: iss check during jwt authentication can be bypassed in github.com/openshift/telemeter

Openshift/telemeter: iss check during jwt authentication can be bypassed in...