CVE-2023-1289

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial o...

Atlassian Bitbucket 6.9.x < 6.9.1 Multiple Vulnerabilities

According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is prior to 5.16.11, 6.0.x prior to 6.0.11, 6.1.x prior to 6.1.9, 6.2.x prior to 6.2.7, 6.3.x prior to 6.3.6, 6.4.x prior to 6.4.4, 6.5.x prior to 6.5.3, 6.6.x prior to 6.6.3, 6.7.x prior...

CVE-2022-43538

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complet...

Aruba Networks ClearPass Policy Manager SQL注入漏洞

Aruba Networks ClearPass Policy Manager is an Aruba Networks application that provides a secure access management system for wireless networks. A security vulnerability exists in Aruba Networks ClearPass Policy Manager. An attacker could exploit this vulnerability to perform a SQL injection attac...

Aruba Networks ClearPass Policy Manager 操作系统命令注入漏洞

Aruba Networks ClearPass Policy Manager is an Aruba Networks application that provides a secure access management system for wireless networks. An operating system command injection vulnerability exists in Aruba Networks ClearPass Policy Manager. An attacker could use this vulnerability to run...

CVE-2022-23694

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information...

CVE-2022-37878

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...

PT-2022-24124 · Aruba · Aruba Clearpass Policy Manager

Name of the Vulnerable Software and Affected Versions: Aruba ClearPass Policy Manager versions 6.10.x through 6.10.6 Aruba ClearPass Policy Manager versions 6.9.x through 6.9.11 Description: Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated...

Command injection

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager versions: ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for...

CVE-2021-40991

Aruba ClearPass Policy Manager is affected by CVE-2021-40991, a remote information-disclosure vulnerability. Affected versions include ClearPass Policy Manager 6.10.x prior to 6.10.2, 6.9.x prior to 6.9.7-HF1, and 6.8.x prior to 6.8.9-HF1. The issue enables unauthorized disclosure of sensitive in...

Siren Federate 安全漏洞

Siren Federate is an application from Siren Ireland. It extends the Elasticsearch API to add high performance and scalable joins. A security vulnerability exists in Siren Federate that discloses user information across thread contexts when a low-privileged user and a high-privileged user execute...

PT-2009-5434 · Symantec · Symantec Altiris Deployment Solution

Name of the Vulnerable Software and Affected Versions: Symantec Altiris Deployment Solution versions 6.9.x before 6.9 SP3 Build 430 Description: The issue is related to improper access restriction to the listening port for the DBManager service. This allows remote attackers to bypass authenticati...

Design/Logic Flaw

Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors...

CVE-2008-2291

axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials...