
28 matches found

ATTACKERKB
added 2022/02/15 5:0 p.m. | 3 views

CVE-2022-22770

The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO AuditSafe: versions 1.1.0 and...

CVSS 9.8 | AI score 7.4 | EPSS 0.0193
Exploits 0 | References 2
Tibco
added 2022/02/02 9:40 p.m. | 13 views

TIBCO Security Advisory: February 15, 2022 - TIBCO AuditSafe -2022-22770

TIBCO AuditSafe API Authentication vulnerability Original release date: February 15, 2022 Last revised: --- CVE-2022-22770 Source: TIBCO Software Inc. Products Affected TIBCO AuditSafe versions 1.1.0 and below The following component is affected: Web Server Description The component listed above...

CVSS 9 | AI score 7.7 | EPSS 0.0193
Exploits 0 | Affected Software 1
OSV
added 2021/10/27 1:28 p.m. | 4 views

SUSE-RU-2021:3551-1 Recommended update for SUSE Manager 4.2.3 Release Notes

This update for SUSE Manager 4.2.3 Release Notes provides the following additions: Release notes for SUSE Manager: - Update to 4.2.3 - aarch64 support for CentOS 7/8, Oracle Linux 7/8, Rocky Linux 8, AlmaLinux 8, Amazon Linux 2 and openSUSE Leap 15.3 - Package Locking features is now available fo...

CVSS 9.3 | AI score 7.6 | EPSS 0.02263
Exploits 1 | References 35
Rapid7 Blog
added 2020/09/30 6:57 p.m. | 46 views

Exploitability Analysis: Smash the Ref Bug Class

In April 2020, security researcher Gil Dabah published a paper on a set of vulnerabilities he had discovered within the Win32k subsystem of the Windows operating system. These vulnerabilities demonstrated instances of a new class of bugs, dubbed “Smash the Ref.” Dabah’s research included 13 test...

AI score 1.2
Exploits 0
OSV
added 2018/08/29 3:39 p.m. | 6 views

SUSE-SU-2018:2551-1 Security update for cobbler

This update for cobbler fixes the following issues: Security issues fixed: - Forbid exposure of private methods in the API CVE-2018-10931, CVE-2018-1000225, bsc1104287, bsc1104189, bsc1105442 - Check access token when calling 'modifysetting' API endpoint bsc1104190, bsc1105440, CVE-2018-1000226...

CVSS 9.8 | AI score 7.7 | EPSS 0.60008
Exploits 0 | References 10
OSV
added 2016/04/11 2:59 p.m. | 5 views

CVE-2016-2164

The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file...

CVSS 7.5 | AI score 7.5 | EPSS 0.01232
Exploits 0 | References 4
Hacker One
added 2016/03/21 12:16 a.m. | 24 views

New Relic: Stored XSS through Angular Expression Sandbox Escape

As an Admin of an account, I am able to set the Name of the Account to an Angular expression. This Angular expression is resolved and executed on the Insights Welcome Page for anyone that is a part of the Account. Due to the ability to invite anyone, even current NewRelic users, to an Account, it...

AI score 0.9
Exploits 0
Tenable Nessus
added 2013/10/18 12:0 a.m. | 37 views

Zabbix < 1.8.18rc1 / 2.0.9rc1 / 2.1.7 Multiple SQL Injections

According to its self-reported version number, the instance of Zabbix listening on the remote host is a version prior to 1.8.18rc1 / 2.0.9rc1 / 2.1.7. It is, therefore, potentially affected by multiple SQL injection vulnerabilities. The following API methods and parameters are reportedly affected...

CVSS 9.8 | AI score 8.6 | EPSS 0.77788
Exploits 9 | References 4