Code injection

Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive infromation via a crafted API call...

CVE-2022-34534

Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive infromation via a crafted API call...

CVE-2022-2401 Team members could access sensitive information of other users via an API call

Unrestricted information disclosure of all users in Mattermost version 6.7.0 and earlier allows team members to access some sensitive information by directly accessing the APIs...

MAL-2022-3986 Malicious code in iv-api-call-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8b385feaf487d9c09c11277be1320cad3f84fedf26c5d42f9483a3935a049b98 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in iv-api-call-tracker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8b385feaf487d9c09c11277be1320cad3f84fedf26c5d42f9483a3935a049b98 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Rancher Access Control Vulnerability

Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3...

GHSA-W3X4-9854-95X8 Rancher Access Control Vulnerability

Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3...

Design/Logic Flaw

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that...

CVE-2022-1352

GitLab EE/CE is affected by CVE-2022-1352 due to an insecure direct object reference. Versions affected: 11.0 and newer up to but excluding 14.8.6 (i.e., 11.0–14.8.5), 14.9 until before 14.9.4 (i.e., 14.9.0–14.9.3), and 14.10 until before 14.10.1 (i.e., 14.10.0). The vulnerability allows an endpo...

CVE-2022-1352

Removed by vendor...

GHSA-H5RH-W6VM-9GHC Denial of service in Grafana

The snapshot feature in Grafana before 7.4.2 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. Specific Go Packages Affected github.com/grafana/grafana/pkg/middleware...

CVE-2021-39943

An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allowed a user to update the status of the check via an API call...

Authorization

An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allowed a user to update the status of the check via an API call...

CVE-2021-39943

An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allowed a user to update the status of the check via an API call...

CVE-2021-39943

Removed by vendor...

resource-agents bug fix and enhancement update

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability HA environment. Bug Fixes and Enhancements: gcp-vpc-move-vip, gcp-vpc-move-route, gcp-pd-move: A failed...

resource-agents bug fix and enhancement update

An update is available for resource-agents. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The resource-agents packages provide the Pacemaker and RGManager...

ALBA-2022:0347 resource-agents bug fix and enhancement update

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability HA environment. Bug Fixes and Enhancements: gcp-vpc-move-vip, gcp-vpc-move-route, gcp-pd-move: A failed...

PT-2022-3945 · Unknown · Control Web Panel

Name of the Vulnerable Software and Affected Versions: Control Web Panel versions prior to 0.9.8.1107 Description: The issue is related to incorrect code generation management in the application. It allows a remote attacker to execute arbitrary code using a specially crafted request. Specifically...

Improper Privilege Management in heroiclabs/nakama

Description A predefined View Only user has access to the User Management function at the :7351//users endpoint. By default this is a predefined system administrator function, and no other users should be able to access this function. Proof of Concept - Create a View-only user with the...